ePolicy Orchestrator is security management software that provides a centralized console for managing McAfee enterprise security products such as Total Protection, a solution McAfee rolled out in April that combines antivirus, antispyware, antispam, firewall and intrusion-prevention features.

The vulnerability, which affects ePO’s Common Management Agent version 3.5.0 and older, stems from a directory traversal design flaw that could allow remote attackers to create any type of file on a compromised system, including Trojans and other malware, said Marc Maiffret, co-founder and CTO at eEye Digital Security, the Aliso Viejo, Calif.-based vendor that discovered the vulnerability.
