In association with heise online

09 August 2011, 15:48

McAfee SaaS Endpoint Protection vulnerabilities closed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

McAfee Logo McAfee is warning customers of security holes in its McAfee SaaS Endpoint Protection product. In an advisory, the company says that an error in the MyASUtil ActiveX control (MyAsUtil5.2.0.603.dll) could be exploited by an attacker to remotely inject and execute arbitrary commands. A second vulnerability in the MyCioScan ActiveX control (myCIOScn.dll) can be used to write arbitrary files in the context of the current user.

The vulnerabilities were first reported to McAfee at the end of January by TippingPoint security researcher Jonathan Andersson. Versions up to and including 5.2.1 are said to be affected.

Version 5.2.2 of McAfee SaaS Endpoint Protection addresses these vulnerabilities. All users are advised to update to the latest version as soon as possible. Users can force an update by right-clicking on the McAfee tray icon and selecting "Update Now".

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit