McAfee ePolicy Orchestrator and ProtectionPilot HTTP Server Remote Buffer Overflow Vulnerability

The HTTP server component of McAfee ePolicy Orchestrator and ProtectionPilot is prone to a remote stack-based buffer-overflow vulnerability that can lead to complete system compromise.

This issue arises because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers.

A successful attack may result in arbitrary code execution with SYSTEM privileges, leading to a full compromise.

McAfee ePolicy Orchestrator 3.5.0 patch 5 and prior versions as well as ProtectionPilot 1.1.1 patch 2 and prior versions are vulnerable to this issue.


 

Copyright 2010, SecurityFocus