Flaw Found in 2006 McAfee Products

A flaw in many of McAfee's security products could open up users to a data exposure risk, security firm eEye Digital Security warned late Monday. Among the programs affected are Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus, although the 2007 versions, released Saturday, are immune.

McAfee has confirmed the flaws and is working on a fix, saying a patch would be delivered automatically to subscribers by midweek. No known attacks have been reported to be taking advantage of the vulnerability. Exploit code is not available on the Web, researchers said, thus it's likely no attacks would occur.

"A flaw exists in multiple McAfee consumer products that could allow an attacker the ability to execute arbitrary commands on the vulnerable systems," eEye warned in its advisory.

"This can lead to complete system compromise at which point an attacker could install trojans, modify/delete files, or perform any other activity as a normal logged on user would."

A similarly dangerous flaw was discovered by the firm in May affecting Symantec products. In that issue, after the vulnerability is exploited, a hacker gains access to the command shell and is able to perform just about any action. The hole was patched quickly by Symantec.

eEye had also detected a flaw in McAfee programs protecting business computers in mid-July. However, unlike the consumer vulnerability the issue had been already addressed. McAfee said it did not warn customers of that problem, leading to criticism last month.

5 Responses to Flaw Found in 2006 McAfee Products

Why Trust Us



At BetaNews.com, we don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.