Vulnerability Description
The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Virusscan Enterprise | <= 8.8.0 |
Related Weaknesses (CWE)
References
- http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations
- http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-pr
- http://www.securityfocus.com/bid/78810
- https://kc.mcafee.com/corporate/index?page=content&id=SB10142Vendor Advisory
- http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations
- http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-pr
- http://www.securityfocus.com/bid/78810
- https://kc.mcafee.com/corporate/index?page=content&id=SB10142Vendor Advisory
FAQ
What is CVE-2015-8577?
CVE-2015-8577 is a vulnerability with a CVSS score of 2.6 (LOW). The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms...
How severe is CVE-2015-8577?
CVE-2015-8577 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8577?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Virusscan Enterprise.