McAfee Common Management Agent (CMA) Multiple Memory Corruption Vulnerabilities

McAfee Common Management Agent (CMA) Multiple Memory Corruption Vulnerabilities

McAfee Common Management Agent is prone to mutiple memory-corruption vulnerabilities. The application fails to properly bounds-check user-supplied data in several instances before copying it into insufficiently sized memory buffers.

A remote attacker may exploit these issues to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may result in denial-of-service conditions.

Various versions of CMA are affected by these issues. CMA is also included with ePolicy Orchestrator and ProtectionPilot.