CVE-2008-1855

medium Trellix
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Score
23.3%
Exploitation probability in 30 days
Top 4% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P
Published: April 16, 2008 (6602 days ago)
Last Modified: April 23, 2026
Vendor: Trellix
Source: NVD

Description

FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.

CWE

CWE-399

Affected Products

mcafee cma

References

🔗 secunia.com 🔗 www.offensive-security.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.vupen.com