Fortinet Global Threat Research Team recently announced to have detected numerous vulnerabilities (which allows hackers to take partial control of the infected system by offering a pernicious Web page from a controlled Web site) in McAfee(TM) ePolicy Orchestrator and ProtectionPilot. Fortinet says that while the user does surfing of the Web page from a machine with the infected products, perniciously developed data causes a buffer run over landing to arbitrary command execution with the privileges of that user.
The users who are having the specific software given below are affected by vulnerability:
(1) McAfee ePolicy Orchestrator 3.6.1 and earlier
(2) McAfee ePolicy Orchestrator 3.6.0 Patch 5 and earlier.
(3) McAfee ePolicy Orchestrator 3.5.0 Patch 7 and earlier.
(4) McAfee ProtectionPilot 1.5.0.
(5) McAfee ProtectionPilot 1.1.1 Patch 3 and earlier.
Besides warning Fortinet also applies McAfee ™ users to at once apply the update offered by McAfee ™ on March 13, 2007.
