Last Updated: 2010-12-01 15:55:08 UTC - "McAfee Released Security Bulletin SB10013 this morning. The bulletin pertains to a potential code execution vulnerability for VirusScan Enterprise 8.5i and earlier versions. According to the information from McAfee they are investigating the publicly disclosed security issue and will publish a hotfix as soon as the investigation is complete. They have listed this as a Severity Rating of Medium. For more information and to check for the hotfix* ..."
December 01, 2010 - "... McAfee is aware of a publicly disclosed security issue that may affect VirusScan Enterprise version 8.5 and prior. We are investigating the claims and will update this KB with additional details when they are available. We will be publishing a hotfix for this issue as soon as we are certain the fix closes all avenues of attack. This hotfix will mitigate the issue in affected configurations. ... VSE 8.7i and beyond are not affected by this issue and are readily available immediately. Upgrading to the newest version effectively closes this issue completely... Remediation: Upgrade to or install VSE 8.7..."
Release Date: 2010-11-29
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
... The vulnerability is caused due to the application loading libraries (e.g. traceapp.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Word Document with an embedded ActiveX control located on a remote WebDAV or SMB share in Microsoft Office 2003...
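Until a fix is deployed, library loads from remote shares of the kind the advisory describes can be hunted for in image-load telemetry. The following is an added example, not part of either advisory: it assumes records keyed like Sysmon Event ID 7 (`Image`, `ImageLoaded`), and the sample events, process path and host names are constructed placeholders.

```python
import ntpath

# Constructed sample records; keys follow Sysmon Event ID 7 (Image loaded).
# The process path and host names are placeholders, not values from the advisory.
APP = r"C:\Program Files\ExampleApp\app.exe"
SAMPLE_EVENTS = [
    {"Image": APP, "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"Image": APP, "ImageLoaded": r"\\fileserver.example\docs\traceapp.dll"},
    {"Image": APP, "ImageLoaded": r"\\webdav.example@SSL\DavWWWRoot\docs\traceapp.dll"},
    {"Image": APP, "ImageLoaded": r"\\?\C:\Windows\System32\shell32.dll"},
    {"Image": APP, "ImageLoaded": r"\\?\UNC\fileserver.example\docs\helper.dll"},
]


def remote_host(path):
    """Return the server name if path lives on a UNC/WebDAV share, else None."""
    p = path.replace("/", "\\")
    if p.upper().startswith("\\\\?\\UNC\\"):
        p = "\\\\" + p[8:]              # \\?\UNC\server\share -> \\server\share
    elif p.startswith("\\\\?\\") or p.startswith("\\\\.\\"):
        return None                     # local device path such as \\?\C:\...
    if not p.startswith("\\\\"):
        return None                     # ordinary drive-letter path
    return p[2:].split("\\", 1)[0] or None


def classify(path):
    """Describe a remote load as SMB or WebDAV; None for local paths."""
    host = remote_host(path)
    if host is None:
        return None
    parts = path.replace("/", "\\").upper().split("\\")
    # The WebDAV redirector exposes shares as \\host@SSL\... or \\host\DavWWWRoot\...
    webdav = "@" in host or "DAVWWWROOT" in parts
    return {"host": host, "transport": "webdav" if webdav else "smb"}


def flag_remote_image_loads(events):
    """Return one finding per event whose DLL was loaded from a remote share."""
    hits = []
    for ev in events:
        info = classify(ev["ImageLoaded"])
        if info:
            hits.append({"process": ntpath.basename(ev["Image"]),
                         "dll": ntpath.basename(ev["ImageLoaded"]), **info})
    return hits


if __name__ == "__main__":
    for hit in flag_remote_image_loads(SAMPLE_EVENTS):
        print(hit)
```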