Multiple vulnerabilities have been identified in McAfee ePolicy Orchestrator, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are due to buffer overflow errors in the "SiteManager.dll" ActiveX control when processing malformed arguments passed to the "ExportSiteList()" or "VerifyPackageCatalog()" method, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a malicious web page.
Affected Products
McAfee ePolicy Orchestrator (ePO) versions 3.x
McAfee ProtectionPilot versions 1.x
Solution
Apply patches :
https://mysupport.mcafee.com/eservice_enu/start.swe