CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-1498

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile13.67th
Published2007年3月16日
Last Modified2026年4月23日

Vulnerability Description

Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.

Affected Platforms (CPE)

📦
Mcafee

Epolicy Orchestrator

= 3.5.0
📦
Mcafee

Epolicy Orchestrator

= 3.6.0
📦
Mcafee

Epolicy Orchestrator

= 3.6.1
📦
Mcafee

Protectionpilot

= 1.1.1
📦
Mcafee

Protectionpilot

= 1.5.0

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html
🔗 http://secunia.com/advisories/24466
🔗 http://securityreason.com/securityalert/2444
🔗 http://www.kb.cert.org/vuls/id/714593
🔗 http://www.securityfocus.com/bid/22952
🔗 http://www.securitytracker.com/id?1017757
🔗 http://www.vupen.com/english/advisories/2007/0931
🔗 https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html

関連する脆弱性情報

CVE-2006-515610.0

Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to ex...

CVE-2016-802710.0

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and e...

CVE-2002-069010.0

Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code ...

CVE-2015-87658.3

Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix...