McAfee Information for VU#714593

McAfee ePolicy Orchestrator and ProtectionPilot ActiveX control buffer overflow vulnerability

Status

Affected

Vendor Statement

On March 13, McAfee published a vulnerability announcement to its online knowledgebase and pro-actively contacted customers through various means to alert them of security patches posted which fix these non-critical security flaws. The security flaws in McAfee ePolicy Orchestrator and McAfee ProtectionPilot SiteManager.dll are only found on machines that have the management console installed on it and are only exploitable with the assistance of the end user. Very few machines in an organization should have this console installed on it, and it is not installed with any of McAfee's other products or the ePolicy Orchestrator and ProtectionPilot agent.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

See https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us email.