CVE-2006-5156

Mcafee Epolicy Orchestrator - Buffer Overflow

Title source: rule

Description

Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.

Exploits (3)

metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/mcafee_epolicy_source.rb
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows_x86
https://www.exploit-db.com/exploits/16783
exploitdb WORKING POC VERIFIED
by muts · remotewindows
https://www.exploit-db.com/exploits/2467

References (14)

Scores

EPSS 0.8296
EPSS Percentile 99.2%

Classification

Status draft

Affected Products (4)

mcafee/epolicy_orchestrator
mcafee/epolicy_orchestrator
mcafee/epolicy_orchestrator
mcafee/protectionpilot

Timeline

Published Oct 05, 2006
Tracked Since Feb 18, 2026