McAfee SaaS Endpoint Protection vulnerabilities closed
McAfee is warning customers of security holes in its McAfee SaaS Endpoint Protection product. In an advisory, the company says that an error in the MyASUtil ActiveX control (MyAsUtil220.127.116.113.dll) could be exploited by an attacker to remotely inject and execute arbitrary commands. A second vulnerability in the MyCioScan ActiveX control (myCIOScn.dll) can be used to write arbitrary files in the context of the current user.
The vulnerabilities were first reported to McAfee at the end of January by TippingPoint security researcher Jonathan Andersson. Versions up to and including 5.2.1 are said to be affected.
Version 5.2.2 of McAfee SaaS Endpoint Protection addresses these vulnerabilities. All users are advised to update to the latest version as soon as possible. Users can force an update by right-clicking on the McAfee tray icon and selecting "Update Now".
- McAfee SaaS MyAsUtil18.104.22.1683.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability, security advisory from TippingPoint.
- McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability, security advisory from TippingPoint.