PT-2007-2890 · McAfee+1 · McAfee ePolicy Orchestrator+1

Published: 2007-03-16 · Updated: 2011-03-08 · CVE-2007-1498

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

McAfee ePolicy Orchestrator (ePO) versions prior to 3.6.1 Patch 1
ProtectionPilot (PRP) versions prior to 1.5.0 HotFix

Description

The issue concerns multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control. This can be exploited by remote attackers to execute arbitrary code via a long argument to the ExportSiteList and VerifyPackageCatalog functions, as well as through unspecified vectors involving a swprintf function call.

Recommendations

For McAfee ePolicy Orchestrator (ePO) versions prior to 3.6.1 Patch 1, update to version 3.6.1 Patch 1 or later. For ProtectionPilot (PRP) versions prior to 1.5.0 HotFix, apply the 1.5.0 HotFix. As a temporary workaround, consider restricting access to the SiteManager.SiteMgr.1 ActiveX control until a patch is applied.
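
One way to apply the temporary workaround on a Windows host, shown as an added example that is not part of the original advisory or vendor guidance: it assumes that "restricting access" means setting the Internet Explorer kill bit for the control. The CLSID is not given on this page, so the script resolves it from the ProgID at run time.

```powershell
# Added example (not vendor code): set the Internet Explorer kill bit for the
# control named in this advisory. Run from an elevated PowerShell prompt.
$progId  = 'SiteManager.SiteMgr.1'   # ProgID taken from the advisory text
$killBit = 0x400                     # "Compatibility Flags" bit that blocks loading in IE

# Resolve the CLSID from the ProgID; the advisory does not list the CLSID.
$clsidKey = "Registry::HKEY_CLASSES_ROOT\$progId\CLSID"
if (-not (Test-Path -Path $clsidKey)) {
    Write-Output "$progId is not registered on this host; nothing to do."
    return
}
$clsid = (Get-ItemProperty -Path $clsidKey).'(default)'
if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') {
    throw "Unexpected CLSID value for ${progId}: '$clsid'"
}

# The kill bit lives under "ActiveX Compatibility"; 64-bit Windows keeps a
# separate registry view for 32-bit Internet Explorer under WOW6432Node.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $roots) {
    if (-not (Test-Path -Path $root)) { continue }   # view absent on 32-bit Windows

    $key = Join-Path $root $clsid
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve any flags already set and OR in the kill bit.
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $flags = [int]$existing -bor $killBit
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord

    # Read the value back so the change can be confirmed in the output.
    $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    Write-Output ("{0} -> Compatibility Flags = 0x{1:X}" -f $key, $check)
}
```

The kill bit only stops Internet Explorer from instantiating the control; it does not remove the vulnerable code, so the update or HotFix listed above is still required.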

Fix


Related Identifiers

CVE-2007-1498

Affected Products

McAfee ePolicy Orchestrator
ProtectionPilot