McAfee ePolicy Orchestrator SiteManager ExportSiteList buffer overflow

2007-05-1100:00:00

SAINT Corporation

www.saintcorporation.com

0.875 High

EPSS

Percentile

98.3%

JSON

Added: 05/11/2007
CVE: CVE-2007-1498
BID: 22952
OSVDB: 33796

Background

ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by **sitemanager.dll**.

Problem

A buffer overflow vulnerability in the SiteManager ActiveX control allows command execution when the **ExportSiteList** function is called with a long argument.

Resolution

Apply one of the patches referenced in McAfee Document ID 612495 or 612496.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0162.html>

Limitations

Exploit works on McAfee ePolicy Orchestrator 3.6.1 (sitemanager.dll 3.6.1.166) on Windows 2000 SP4 and Windows XP SP1 and requires a user to load the exploit page into Internet Explorer.