McAfee VirusScan On-Access Scanner File Name Buffer Overflow Vulnerability

McAfee VirusScan On-Access Scanner is prone to a filename-buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may disable the On-Access Scanner component of McAfee VirusScan.

McAfee VirusScan On-Access Scanner 8.0i Enterprise Patch 11 and earlier versions are vulnerable to this issue.


 

Privacy Statement
Copyright 2010, SecurityFocus