Critical Security Flaw in McaFee ViruScan Enterprise Edition Published

Discussion in 'other security issues & news' started by hawki, Dec 2, 2010.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,958
    Location:
    DC Metro Area
    Security giant McAfee is investigating a publicly disclosed DLL preloading vulnerability in version 8.5i of its VirusScan Enterprise (VSE) product, which can lead to remote code execution.

    McAfee VirusScan Enterprise is the company’s endpoint antivirus product for corporate environments and is currently at version 8.7i Patch 4.

    In a knowledge base article published yesterday, McAfee revealed that it is investigating reports of a vulnerability in VSE 8.5i and earlier, which could allow remote attackers to execute arbitrary code in the context of the antivirus.

    The company described the flaw as a “DLL Side Load issue” and rated its impact as medium. The calculated CVSS base score is 5.7 out of 10.

    In contrast, vulnerability research company Secunia rates the issue as “highly critical” and calls it an “insecure library loading” flaw.

    http://news.softpedia.com/news/McAf...ution-Flaw-in-Enterprise-Scanner-170168.shtml
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,030
    Location:
    Lloegyr
    I worry about McAfee. I'm just glad I don't use it any more. :eek:
     
Loading...
Thread Status:
Not open for further replies.