10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Added: 10/06/2006
CVE: CVE-2006-5156
BID: 20288
OSVDB: 29421
McAfee ePolicy Orchestrator and Protection Pilot are centralized security management products. These products include an HTTP server implemented by the **NAISERV.exe**
program.
A buffer overflow vulnerability in the McAfee HTTP server allows remote attackers to execute arbitrary commands by sending a request containing long source headers.
Apply the patch referenced in Secunia advisory 22222.
<http://www.kb.cert.org/vuls/id/842452>
Exploit works on McAfee Protection Pilot 1.1.0.
Windows