Last Modified: Fri, 04 Oct 2013 14:40:20 +0000 ; Created: Wed, 02 Oct 2013 15:30:40 +0000
|I discovered a DoS bug in McAfee's enterprise client "FrameworkService.exe" that I reported in September, 2013. McAfee just released a public Security Bulletins about it at:
McAfee Security Bulletin - McAfee Managed Agent update fixes the "Denial of Service" vulnerability against the FrameworkService.exe
The CERT Vulnerability Note VU# 613886 has been published.
The CVE is CVE-2013-3627: McAfee Agent v4.6 Denial of Service
I had some initial difficulty finding how to contact the vendor, but McAfee did reach back out to me later so I could report it.