Description
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/31399
References (9)
Core 9
Core References
Various Sources x_refsource_confirm
https://knowledge.mcafee.com/article/234/615103_f.sal_public.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41178
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3748
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019609
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29337
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28228
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/meccaffi-adv.txt
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0866/references
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489476/100/0/threaded
Scores
EPSS
0.2788
EPSS Percentile
96.5%
Details
CWE
CWE-134
Status
published
Products (9)
mcafee/agent
4.0
mcafee/cma
3.0.6.453
mcafee/cma
3.5.5.438
mcafee/cma
3.6.438
mcafee/cma
3.6.453
mcafee/cma
3.6.546
mcafee/cma
3.6.574
mcafee/epolicy_orchestrator
4.0
mcafee/mcafee_framework
3.6.569
Published
Mar 17, 2008
Tracked Since
Feb 18, 2026