DoS Buffer Overflow in McAfee?

By Roger on July 9, 2006 9:23 PM | | Comments (0) | TrackBacks (0)

A post to the Full Disclosure list reports a local denial of service in McAfee Antivirus Enterprise 8.

http://seclists.org/lists/fulldisclosure/2006/Jul/0157.html From: John Doe Date: Sun, 9 Jul 2006 10:53:21 -0700 (PDT)

A local Buffer Overflow was discovered in McAfee VirusScan Enterprise 8.0.0.

The overflow can be triggered within the "Buffer OverFlow Protection Properties" by creating a buffer overflow exclusion. Then fill each field with data, and click ok, and apply

Process name: AAAAAAAAAAAAAAAAA......etc
Module name: AAAAAAAAAAAAAAAAAA......etc
API name: AAAAAAAAAAAAAAAAAAAAA......etc

This will trigger various exceptions based on amount of data added to each field.

This will DoS the AV . McAfee AV will not run correctly again until Buffer Overflow Protection is disabled or the Buffer Overflow Exclusion is removed.

Categories

Antivirus

Tags

0 TrackBacks

Listed below are links to blogs that reference this entry: DoS Buffer Overflow in McAfee?.

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/238

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on July 9, 2006 9:23 PM.

Salting the Hash was the previous entry in this blog.

Testing Flash Versions is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.23-en

Search