McAfee ActiveX Flaws Patched

More backlog: Last week McAfee posted two patches for its ePolicy Orchestrator and ProtectionPilot products. The flaws were in ActiveX components, and the impact of the patched vulnerabilities was listed as "Local Assisted Arbitrary Command Execution". The McAfee advisories attempt to downplay the flaw by saying things like "The attack requires reverse engineering of ePO, establishing a malicious web page and the cooperation from an ePO user.", but the Fortinet advisory is clearer that this is a standard ActiveX flaw (and their FullDisclosure post also "reverse engineers" ePO to show the flawed code). This vulnerability has been assigned CVE-2007-1498.

AntiVirus products themselves have been the focus of many attacks recently. These typically take the form of creating a malformed file and then exploiting a flaw in the way the AV parses the file. Recent ones we have covered here included one such attack on the way that Microsoft's Malware Protection Engine handles PDFs (see the link for how that was probably exploitable remotely). A more recent one was similar to the above and was on an ActiveX component distributed by TrendMicro. That one (like this one, I believe) was limited primarily to a product targeted at corporate deployment rather than home users.