1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP McAfee NeoTrace ActiveX BO

HTTP McAfee NeoTrace ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a buffer overflow vulnerability by passing special arguments into a method of McAfee NeoTrace ActiveX control.

Additional Information

NeoTrace is a utility that allows users to map computers on the Internet. It is available for Microsoft Windows.

The NeoTraceExplorer.NeoTraceLoader ActiveX control, which is contained in the 'NeoTraceExplorer.dll' library and shipped with NeoTrace, is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. An attacker can trigger this issue by supplying a string of over 500 bytes to the 'TraceTarget()' function.

Invoking the object from a malicious website or HTML email may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution in the context of the client application using the affected ActiveX control.

Affected

  • McAfee NeoTrace Express 3.25
  • McAfee NeoTrace Professional 3.25

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube