Home Blog Papers Advisories Alerts Tools Services About eEye.com
eEye Digital Security
Blog PostsBlog Posts
Jan 23
eyebrow-raising coverage for packers Dec 20
...Staying Busy...
Published AdvisoriesPublished Advisories
Severity: HIGHNov 20
BitDefender Online Scanner 8 Double Decode Heap Overflow
Severity: HIGHNov 15
Multiple Vulnerabilities In .FLAC File Format and Various Media Applications

Severity: HIGHOct 11
CA BrightStor ARCserve Backup Server Arbitrary Pointer Dereference


Upcoming AdvisoriesUpcoming Advisories
Severity: HIGHNov 15
Linksys

Severity: HIGHOct 3
CA BrightStor Arcserve Backup Server Service Disruption

eEye Research Logo Sign Up for Vulnerability Assessment News
Advisories | Upcoming Advisories | EEYEB-20060719

Date Reported:
July 19, 2006

Vendor:
McAfee

Description:
A flaw exists in multiple McAfee consumer products that could allow an attacker the ability to execute arbitrary commands on the vulnerable systems. This can lead to complete system compromise at which point an attacker could install trojans, modify/delete files, or perform any other activity as a normal logged on user would.

Please note: For those looking for more information on the McAfee flaw previously disclosed in the McAfee enterprise line please click here .

Severity:
High (Remote Code Execution)

Remote Code Execution:
Yes

Software Affected:
Products we purchased and upgraded to the very latest possible customer version which we were able to succesfully compromise:
McAfee Internet Security Suite 2006
McAfee Wireless Home Network Security

We also downloaded the latest free trial versions of the following products which we were also able to succesfully compromise:
McAfee Personal Firewall Plus
McAfee VirusScan
McAfee Privacy Service
McAfee SpamKiller
McAfee AntiSpyware

Status:
Flaw reported to vendor and confirmed
 Privacy l Legal
Copyright © 1998-2008 eEye Digital Security