CVE-2008-1855

Name of the Vulnerable Software and Affected Versions McAfee Common Management Agent (CMA) versions 3.6.0.574 Patch 3 and earlier

Description The issue allows remote attackers to corrupt memory and cause a denial of service, resulting in the CMA Framework service crash. This can be achieved by sending requests for the "/spin//AVClient//AVClient.csp" URI with a long invalid method.

Recommendations For McAfee Common Management Agent (CMA) versions 3.6.0.574 Patch 3 and earlier, consider restricting access to the "/spin//AVClient//AVClient.csp" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.