ePolicy Orchestrator HTTP /spipe/pkg/ Source Header Remote Overflow
Critical Nessus Plugin ID 22494
SynopsisArbitrary code can be executed on the remote host due to a flaw in the web service.
DescriptionThe remote host is running McAfee ePolicy Orchestrator web service.
The remote version of this software contains a stack overflow vulnerability.
An unauthenticated attacker can exploit this flaw by sending a specialy crafted packet to the remote host. A successful exploitation of this vulnerability would result in remote code execution with SYSTEM privileges.
SolutionInstall ePO 3.5.0 Patch 6.