from eweek.com ........ eEye Warns of Worm Hole in McAfee Anti-virus Products

A code execution vulnerability in software products sold by Internet security vendor McAfee could put millions at risk of computer takeover attacks, according to a warning from eEye Digital Security.

The flaw affects fully patched versions of all McAfee consumer security products, including the company's flagship McAfee Internet Security Suite 2006.

eEye Chief Hacking Officer Marc Maiffret, in Aliso Viejo, Calif., said his company is withholding technical details on the vulnerability until McAfee completes work on a patch.

Maiffret said the issue was discovered and reported to McAfee on July 19.

"This vulnerability can be used to compromise systems running these McAfee consumer products and allow attackers to run code with the ability to modify/delete files [or] backdoor systems," Maiffret said in an e-mail exchange with eWEEK.

In keeping with its disclosure policy, eEye has posted a deliberately vague advisory (http://www.eeye.com/html/research/upcoming/20060719.html) on the bug.

Maiffret said his company's researchers were able to successfully compromise the following products: McAfee Internet Security Suite 2006, McAfee Wireless Home Network Security, McAfee Personal Firewall Plus, McAfee VirusScan, McAfee Privacy Service, McAfee SpamKiller and McAfee AntiSpyware.

Thanks Radio. :)

AVG Free FTW

It doesn't look like the desktop AV products are effected mostly enterprise applications like ePolicy Orchestrator and stuff.

McAfee ePolicy Orchestrator 3.x
McAfee Common Management Agent 3.x
McAfee ProtectionPilot 1.x
Microsoft Windows

It says McAfee VirusScan in that list in the thread starter. :scratch:

I ditched McAfee for Kaspersky anyway and I'll never look back. For a free one though, AntiVir is better!
http://forums.pcper.com/showthread.php?t=418613

It says McAfee VirusScan in that list in the thread starter. :scratch:

I ditched McAfee for Kaspersky anyway and I'll never look back. For a free one though, AntiVir is better!
http://forums.pcper.com/showthread.php?t=418613
I used AntiVir for a while but I don't think it scans inside of archives very well.

from the register ....... Who guards the guards?

McAfee has fixed a flaw involving older versions of its consumer security software that creates a means for hackers to compromise vulnerable systems.

The bug is the latest in a string of flaws affecting security software packages that have come to light over recent months.

In this case, the unspecified security bug relates to McAfee SecurityCenter, creating a means to execute hostile code providing users can be tricked into visiting a malicious website.

The vulnerability affects versions 4.3 through 6.0.22 of SecurityCenter, a component of a wide range of McAfee security products including: McAfee Internet Security Suite 2006, McAfee Wireless Home Network Security, McAfee Personal Firewall Plus, McAfee VirusScan, McAfee Privacy Service, McAfee SpamKiller and McAfee AntiSpyware.

Users are advised to update to McAfee SecurityCenter, as explained in an advisory by McAfee here (http://ts.mcafeehelp.com/faq3.asp?docid=407052) Most, but not all, McAfee users will automatically receive the update.

The bug was discovered by security researchers at eEye Digital Security, which has published an advisory .

AVG Free FTW
+1,000,000 :type:

*updates list*

Affected Software:
McAfee® SecurityCenter 4.3 through McAfee SecurityCenter 6.0.22 which may contain a combination of the following products:
McAfee AntiSpyware 1.x, 2.x
McAfee Internet Security Suite 6.x, 7.x, 8.x
McAfee Personal Firewall Plus 5.x, 6.x, 7.x
McAfee Privacy Service 6.x, 7.x, 8.x
McAfee QuickClean 4.x, 5.x, 6.x
McAfee SpamKiller 5.x, 6.x, 7.x
McAfee VirusScan 8.x, 9.x, 10.x
McAfee Wireless Home Network Security 1.x