HotFix Release Notes HotFix Version: HF256862 1009 Product: VirusScan Enterprise 8.0i Timestamp: 12 December 2005 Files affected: VSPLUGIN.DLL 8.0.0.1009 Issue: A vulnerability exists in the Common Management Agent (CMA) where an unexpected executable file can be run with system privileges. Communication between the VirusScan Enterprise plug-in and CMA can be utilized as a mechanism to exploit this vulnerability. Resolution: The VirusScan Enterprise plug-in, VSPLUGIN.DLL, has been updated to resolve the potential exploit. Notes: An administrator can install this release by adding the package to the ePolicy Orchestrator or Protection Pilot repository, for deployment via an agent update. This vulnerability was discovered by Reed Arvin. The attached files are provided as is, and with no warranty either expressed or implied as to their suitability for any particular use or purpose. McAfee, Inc. assumes no liability for damages incurred either directly or indirectly as a result of the use of these files, including but not limited to the loss or damage of data or systems, loss of business or revenue, or incidental damages arising from their use. HotFix files should be applied only on the advice of McAfee Technical Support, and only when you are actually experiencing the issue being addressed by the HotFix. HotFix files should not be proactively applied in order to prevent potential product issues. You are responsible for reading and following all instructions for preparation, configuration, and installation of HotFix files. HotFix files are not a substitute or replacement for product Service Packs which may be released by McAfee, Inc. It is a violation of your software license agreement to distribute or share these files with any other person or entity without written permission from McAfee, Inc. Further, posting of McAfee HotFix files to publicly available Internet sites is prohibited. McAfee, Inc. reserves the right to refuse distribution of HotFix files to any company or person guilty of unlawful distribution of McAfee software products. Questions or issues with McAfee HotFix files should be directed to McAfee Technical Support. (c) 2005 McAfee, Inc. All Rights Reserved.