McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Common_management_agent | Mcafee | 3.5.5.438 (including) | 3.5.5.438 (including) |
| Common_management_agent | Mcafee | 3.5.5.568 (including) | 3.5.5.568 (including) |
| Common_management_agent | Mcafee | 3.5.5.577 (including) | 3.5.5.577 (including) |
| Common_management_agent | Mcafee | 3.5.5.580 (including) | 3.5.5.580 (including) |
| Common_management_agent | Mcafee | 3.5.5.588 (including) | 3.5.5.588 (including) |
| Common_management_agent | Mcafee | 3.6.0.438 (including) | 3.6.0.438 (including) |
| Common_management_agent | Mcafee | 3.6.0.453 (including) | 3.6.0.453 (including) |
| Common_management_agent | Mcafee | 3.6.0.546 (including) | 3.6.0.546 (including) |
| Common_management_agent | Mcafee | 3.6.0.569 (including) | 3.6.0.569 (including) |
| Common_management_agent | Mcafee | 3.6.0.574 (including) | 3.6.0.574 (including) |
| Common_management_agent | Mcafee | 3.6.0.595 (including) | 3.6.0.595 (including) |
| Common_management_agent | Mcafee | 3.6.0.603 (including) | 3.6.0.603 (including) |