Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and previous versions, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mcafee cma 3.6.574 |
||
mcafee epolicy orchestrator 4.0 |
||
mcafee cma 3.5.5.438 |
||
mcafee cma 3.6.438 |
||
mcafee agent 4.0 |
||
mcafee cma 3.0.6.453 |
||
mcafee mcafee framework 3.6.569 |
||
mcafee cma 3.6.453 |
||
mcafee cma 3.6.546 |