Thursday, October 05, 2006

McAfee Protection Had a Hole

There is a bug in McAfee ProtectionPilot 1.1.0 and McAfee ePolicy Orchestrator 3.5.0 that may allow remote attackers to run their own code on the "protected" computer. This happens via a boundary error when dealing with long source errors. You can find links to the patches at http://secunia.com/advisories/22222/. According to at least one news story, McAfee was alerted to the bug in July, but the patch was very complex, so that it took till October to fix. Read more at http://www.crn.com/showArticle.jhtml?articleID=193101216.