A buffer overflow vulnerability has been identified in the McAfee Subscription Manager (MCSUBMGR.DLL) ActiveX control. The exploit is triggered when the IsOldAppInstalled() method processes an overly long string argument, allowing remote attackers to execute arbitrary code.
An attacker can exploit this vulnerability by hosting a malicious web-site and enticing users to visit it.
McAfee VirusScan 10.0.27
McAfee SecurityCenter Agent 6.0
McAfee SecurityCenter 6.0.22
McAfee SecurityCenter 7.0
McAfee SecurityCenter 6.0
McAfee SecurityCenter 4.3
Arbitrary code execution.
The vendor has released patches and upgrades to address this issue. Please apply them.