McAfee Security Center McSubMgr.DLL ActiveX Control Remote Buffer Overflow Vulnerability

McAfee Security Center McSubMgr.DLL ActiveX Control Remote Buffer Overflow Vulnerability

The 'McSubMgr.DLL' ActiveX control shipped with McAfee Security Center is prone to a buffer-overflow vulnerability. The software fails to perform sufficient boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.

McAfee Virus Scan 10.0.27 for Windows XP with Service Pack 2 uses this vulnerable ActiveX control. McAfee Subscription Manager versions prior to 6.0.0.25 and prior to 7.2.147 are vulnerable to this issue; other products may be vulnerable as well.