CVE-2007-1498

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-1498
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html Patch
http://secunia.com/advisories/24466 Patch Vendor Advisory
http://securityreason.com/securityalert/2444
http://www.kb.cert.org/vuls/id/714593 US Government Resource
http://www.securityfocus.com/bid/22952 Patch
http://www.securitytracker.com/id?1017757
http://www.vupen.com/english/advisories/2007/0931
https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html Patch
https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html Patch
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html Patch
http://secunia.com/advisories/24466 Patch Vendor Advisory
http://securityreason.com/securityalert/2444
http://www.kb.cert.org/vuls/id/714593 US Government Resource
http://www.securityfocus.com/bid/22952 Patch
http://www.securitytracker.com/id?1017757
http://www.vupen.com/english/advisories/2007/0931
https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html Patch
https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mcafee:epolicy_orchestrator:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:protectionpilot:1.1.1:p3:*:*:*:*:*:*
cpe:2.3:a:mcafee:protectionpilot:1.5.0:*:*:*:*:*:*:*
History

21 Nov 2024, 00:28

Type Values Removed Values Added
References () http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html - Patch () http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html - Patch
References () http://secunia.com/advisories/24466 - Patch, Vendor Advisory () http://secunia.com/advisories/24466 - Patch, Vendor Advisory
References () http://securityreason.com/securityalert/2444 - () http://securityreason.com/securityalert/2444 -
References () http://www.kb.cert.org/vuls/id/714593 - US Government Resource () http://www.kb.cert.org/vuls/id/714593 - US Government Resource
References () http://www.securityfocus.com/bid/22952 - Patch () http://www.securityfocus.com/bid/22952 - Patch
References () http://www.securitytracker.com/id?1017757 - () http://www.securitytracker.com/id?1017757 -
References () http://www.vupen.com/english/advisories/2007/0931 - () http://www.vupen.com/english/advisories/2007/0931 -
References () https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html - Patch () https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html - Patch
References () https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html - Patch () https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html - Patch
Information

Published : 2007-03-16 22:19

Updated : 2024-11-21 00:28

NVD link : CVE-2007-1498

Mitre link : CVE-2007-1498

CVE.ORG link : CVE-2007-1498

JSON object : View

Products Affected

mcafee

  • epolicy_orchestrator
  • protectionpilot
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024