McAfee Denial of Service bug I found

Last Modified: Fri, 04 Oct 2013 14:40:20 +0000 ; Created: Wed, 02 Oct 2013 15:30:40 +0000

I discovered a DoS bug in McAfee's enterprise client "FrameworkService.exe" that I reported in September, 2013. McAfee just released a public Security Bulletins about it at:

McAfee Security Bulletin - McAfee Managed Agent update fixes the "Denial of Service" vulnerability against the FrameworkService.exe

The CERT Vulnerability Note VU# 613886 has been published.

The CVE is CVE-2013-3627: McAfee Agent v4.6 Denial of Service

I had some initial difficulty finding how to contact the vendor, but McAfee did reach back out to me later so I could report it.