Description
The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/78810
Various Sources x_refsource_misc
http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations/
Various Sources x_refsource_misc
http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10142
Scores
EPSS
0.0002
EPSS Percentile
6.1%
Details
CWE
CWE-264
Status
published
Products (1)
mcafee/virusscan_enterprise
< 8.8.0
Published
Dec 16, 2015
Tracked Since
Feb 18, 2026