Mut, from Remote Exploit, has published a wonderfull proof of concept buffer over flow attack on McAfee’s ePolicy Orchestrator. First read a little bit about what McAfee ePolicy Orchestrator is:
Enforce and monitor your system’s security
Coordinate your defense against malicious threats and attacks with McAfee® ePolicy Orchestrator®. As your central security management hub, it helps you keep protection up to date; configure and enforce protection policies; and monitor security status. Do it all from one centralized console.
Sounds like an accident waiting to happen, and oh look…Mutt found the accident:
Proof of concept exploit code is available at:
And a short article describing the exploit is available at :
Mutt notified McAfee but apprently they have yet to get around to patching their super dooper product.
Hack On Fellow bored people.