McAfee VirusScan Enterprise < 8.8 Patch 6 Buffer Overflow Protection (BOP) Security Bypass (SB10142)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an antivirus application installed that is
affected by a buffer overflow protection (BOP) security bypass
vulnerability.

Description :

The version of McAfee VirusScan Enterprise installed on the remote
Windows host is prior to 8.8 Patch 6. It is, therefore, affected by
a buffer overflow protection (BOP) security bypass vulnerability due
to insecure allocation of memory pages with Read, Write, and Execute
(RWX) permissions at a constant predictable address. A local attacker
can exploit this to gain access to the address space layout.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10142
http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations
http://www.nessus.org/u?4927ba47

Solution :

Upgrade to McAfee VirusScan Enterprise version 8.8 Patch 6.
Alternatively, apply the workarounds referenced in the vendor
advisory.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 2.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 87500 ()

Bugtraq ID: 78810

CVE ID: CVE-2015-8577

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now