CVE-2003-0616

McAfee ePolicy Orchestrator 2.0, 2.5, 2.5.1 - Remote Code Execution via Format String in Computerlist Parameter

Title source: llm

Description

Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.

References (2)

Core 2

Core References

Various Sources vendor-advisory x_refsource_atstake

http://www.atstake.com/research/advisories/2003/a073103-1.txt

Various Sources x_refsource_confirm

http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp

Scores

EPSS 0.0197

EPSS Percentile 83.8%

Details

Status published

Products (3)

mcafee/epolicy_orchestrator 2.0

mcafee/epolicy_orchestrator 2.5 (2 CPE variants)

mcafee/epolicy_orchestrator 2.5.1

Published Aug 27, 2003

Tracked Since Feb 18, 2026