www.rodneybeede.com "I would love to change the world, but they won't give me the source code" - unknown

McAfee Denial of Service bug I found - Last Modified 2013-10-04 14:40 UTC - Created 2013-10-02 15:30 UTC

I discovered a DoS bug in McAfee's enterprise client "FrameworkService.exe" that I reported in September, 2013. McAfee just released a public Security Bulletins about it at:

McAfee Security Bulletin - McAfee Managed Agent update fixes the "Denial of Service" vulnerability against the FrameworkService.exe

The CERT Vulnerability Note VU# 613886 has been published.

The CVE is CVE-2013-3627: McAfee Agent v4.6 Denial of Service

I had some initial difficulty finding how to contact the vendor, but McAfee did reach back out to me later so I could report it.