CVE-2008-1357

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082.  NOTE: this issue only exists when the debug level is 8.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
mcafeeagent
4.0
mcafeecma
3.0.6.453
mcafeecma
3.5.5.438
mcafeecma
3.6.438
mcafeecma
3.6.453
mcafeecma
3.6.546
mcafeecma
3.6.574
mcafeeepolicy_orchestrator
4.0
mcafeemcafee_framework
3.6.569
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aluigi.altervista.org/adv/meccaffi-adv.txt
http://secunia.com/advisories/29337
http://securityreason.com/securityalert/3748
http://www.securityfocus.com/archive/1/489476/100/0/threaded
http://www.securityfocus.com/bid/28228
http://www.securitytracker.com/id?1019609
http://www.vupen.com/english/advisories/2008/0866/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41178
https://knowledge.mcafee.com/article/234/615103_f.sal_public.html
http://aluigi.altervista.org/adv/meccaffi-adv.txt
http://secunia.com/advisories/29337
http://securityreason.com/securityalert/3748
http://www.securityfocus.com/archive/1/489476/100/0/threaded
http://www.securityfocus.com/bid/28228
http://www.securitytracker.com/id?1019609
http://www.vupen.com/english/advisories/2008/0866/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41178
https://knowledge.mcafee.com/article/234/615103_f.sal_public.html