CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.875 High
Percentile: 98.3%
Added: 03/22/2007
CVE: CVE-2007-1498
BID: 22952
OSVDB: 33796
ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by **sitemanager.dll**.
A buffer overflow vulnerability in the SiteManager ActiveX control allows command execution when the **VerifyPackageCatalog** function is called with a long argument.
Apply one of the patches referenced in McAfee Document ID 612495 or 612496.
<http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0162.html>
Exploit works on McAfee ePolicy Orchestrator 3.6.1 with **sitemanager.dll** version 3.6.1.166.
A user must load the exploit page into Internet Explorer in order for the exploit to succeed.
Windows 2000
Windows XP