CVE-2007-1498
McAfee ePolicy Orchestrator and ProtectionPilot - Stack-Based Buffer Overflow via SiteManager ActiveX Control
Title source: llmDescription
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.
References (9)
Core 9
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22952
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2444
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0931
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/714593
Patch mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1017757
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24466
Patch x_refsource_confirm
https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html
Patch x_refsource_confirm
https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html
Scores
EPSS
0.2808
EPSS Percentile
96.5%
Details
Status
published
Products (5)
mcafee/epolicy_orchestrator
3.5.0
mcafee/epolicy_orchestrator
3.6.0
mcafee/epolicy_orchestrator
3.6.1
mcafee/protectionpilot
1.1.1 p3
mcafee/protectionpilot
1.5.0
Published
Mar 16, 2007
Tracked Since
Feb 18, 2026