McAfee Framework ePolicy 3.x - Orchestrator '_naimcomn_Log' Remote Format String

EDB-ID:

31399




Platform:

Windows

Date:

2008-03-12


source: https://www.securityfocus.com/bid/28228/info

McAfee Framework is prone to a remote format-string vulnerability.

Exploiting this issue will allow attackers to execute arbitrary code with the permissions of the framework or of an application that uses the framework. Failed attacks will likely cause denial-of-service conditions.
McAfee Common Managemetn Agent 3.6.0.574 (Patch3) or earlier, McAfee Agent (MA) 4.0, Framework 2.6.0.569 and ePolicy Orchestrator 4.0 are vulnerable to this issue; other versions may also be affected.

NOTE: This issue occurs only when the default debug level (7) is raised to 8. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/31399.zip