McAfee VirusScan Enterprise < 8.8 Patch 6 Buffer Overflow Protection (BOP) Security Bypass (SB10142)

low Nessus Plugin ID 87500

Synopsis

The remote Windows host has an antivirus application installed that is affected by a buffer overflow protection (BOP) security bypass vulnerability.

Description

The version of McAfee VirusScan Enterprise installed on the remote Windows host is prior to 8.8 Patch 6. It is, therefore, affected by a buffer overflow protection (BOP) security bypass vulnerability due to insecure allocation of memory pages with Read, Write, and Execute (RWX) permissions at a constant predictable address. A local attacker can exploit this to gain access to the address space layout.

Solution

Upgrade to McAfee VirusScan Enterprise version 8.8 Patch 6.
Alternatively, apply the workarounds referenced in the vendor advisory.

See Also

https://kc.mcafee.com/corporate/index?page=content&id=SB10142

https://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations

http://www.nessus.org/u?4927ba47

Plugin Details

Severity: Low

ID: 87500

File Name: mcafee_vse_sb10142.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 12/18/2015

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:mcafee:virusscan_enterprise

Required KB Items: Antivirus/McAfee/installed

Exploit Ease: No known exploits are available

Patch Publication Date: 8/26/2015

Vulnerability Publication Date: 12/8/2015

Reference Information

CVE: CVE-2015-8577

BID: 78810

MCAFEE-SB: SB10142