Multiple McAfee Data Loss Prevention Endpoint Vulnerabilities
Release date:
Updated on:
Affected Systems:
McAfee Network Data Loss Prevention <= 9.3.300
Unaffected system:
McAfee Network Data Loss Prevention 9.3.400
Description:
McAfee Network Data Loss Prevention can monitor Network traffic to prevent Data Loss.
McAfee Data Loss Prevention Endpoint 9.3.300 and earlier versions have multiple security vulnerabilities. Remote attackers send specially crafted commands to the Windows Kernel Driver, attackers can exploit these vulnerabilities to gain Elevation of Privilege. attackers can execute arbitrary HTML and script code in the context of the user's browser of the affected site, inject arbitrary SQL code, and obtain password information through specially crafted URLs.
<* Source: Parvez Anwar
Link: http://secunia.com/advisories/62464/
*>
Suggestion:
Vendor patch:
McAfee
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://kc.mcafee.com/corporate/index? Page = content & id = SB10097
Https://kc.mcafee.com/corporate/index? Page = content & id = SB10098
This article permanently updates the link address: