Unified threat management (UTM) solutions provider Fortinet has said that its global threat research team has discovered multiple vulnerabilities in McAfee ePolicy Orchestrator and ProtectionPilot. According to the company, the vulnerabilities allow attackers to take over the affected system by providing a malicious Web page from a controlled Web site. When the user browses the Web page from a machine with the affected products, maliciously formed data causes a buffer overflow leading to arbitrary command execution with the privileges of that user. The vulnerability affects users of the following specific software:
* McAfee ePolicy Orchestrator 3.6.1 and earlier
* McAfee ePolicy Orchestrator 3.6.0 Patch 5 and earlier.
* McAfee ePolicy Orchestrator 3.5.0 Patch 7 and earlier.
* McAfee ProtectionPilot 1.5.0.
* McAfee ProtectionPilot 1.1.1 Patch 3 and earlier.
The company says McAfee users should immediately apply the update provided by McAfee. For more information on these vulnerabilities, please visit Fortinet's FortiGuard Center at http://www.fortiguardcenter.com/advisory/FGA-2007-03.html.
ITWeb Security Summit 2007
Taking place from 22 - 25 May 2007 at Vodaworld, ITWeb's Second Annual Security Summit will bring together almost 30 international and local IT and security professionals, practitioners, industry experts and analysts. They will share their experiences, acquire knowledge and gain an understanding of the key tools, techniques and strategies needed to safeguard their organisations' most valuable asset - information. International security guru and author, Bruce Schneier, and creator of the Pretty Good Privacy (PGP) e-mail encryption protocol, Phil Zimmermann, will deliver the opening keynote addresses. More information about the event and delegate bookings is available online at www.securitysummit.co.za or by contacting Denise Breytenbach at (011) 807-3294 or denise@itweb.co.za.
Related stories:
Security evolves further
Butler Group viewpoint - The year ahead
Butler Group viewpoint - The year ahead
Share