Code execution flaw found in McAfee products

VirusScan, Personal Firewall Plus, SpamKiller and other McAfee products are reportedly vulnerable to an unspecified remote code execution flaw.

According to a report, several products from antivirus vendor McAfee Inc. are vulnerable to a remote code execution flaw.

Aliso Viejo, Calif.-based security firm eEye Digital Security Inc. has reported that a flaw in multiple consumer products from the Santa Clara, Calif.-based antivirus vendor could enable an attacker to execute arbitrary commands on vulnerable systems.

More on security flaws

Third-party Microsoft patches may get new life

Symantec flaws are wake-up call for CIOs

The affected products include McAfee Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus 7.x, McAfee VirusScan 10.x, McAfee Privacy Service 6.x, McAfee SpamKiller 7.x and McAfee AntiSpyware 6.x.

The flaw has been reported to McAfee and confirmed, eEye said. However, few details are available as a workaround has not yet been released.

Danish vulnerability clearinghouse Secunia posted a bulletin about the vulnerable products Tuesday morning, rating the issue "highly critical." eEye denoted the issue as a high severity problem.

This flaw is not related to the recent flaw in McAfee's ePolicy Orchestrator product that attackers could exploit to compromise machines and launch malicious code.

That problem, reported by eEye and addressed last week, involved the framework service component of McAfee Common Management Agent (CMA), which allows users to configure and enforce protection policies; deploy and configure agents; and monitor the security status of systems from a centralized console.

This article originally appeared on SearchSecurity.com.

Dig deeper on Security and risk management for Small Business

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close