Added: 05/11/2007
CVE: CVE-2007-1498
BID: 22952
OSVDB: 33796
ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by **sitemanager.dll**
.
A buffer overflow vulnerability in the SiteManager ActiveX control allows command execution when the **ExportSiteList**
function is called with a long argument.
Apply one of the patches referenced in McAfee Document ID 612495 or 612496.
<http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0162.html>
Exploit works on McAfee ePolicy Orchestrator 3.6.1 (sitemanager.dll 3.6.1.166) on Windows 2000 SP4 and Windows XP SP1 and requires a user to load the exploit page into Internet Explorer.
Windows 2000 SP4
Windows XP SP1