              HotFix Release Notes

HotFix Version:
   HF256862 1009

Product:
   VirusScan Enterprise 8.0i

Timestamp:
   12 December 2005

Files affected:
   VSPLUGIN.DLL  8.0.0.1009

Issue:
   A vulnerability exists in the Common
   Management Agent (CMA) where an unexpected
   executable file can be run with system
   privileges. Communication between the
   VirusScan Enterprise plug-in and CMA can be
   utilized as a mechanism to exploit this
   vulnerability.

Resolution:
   The VirusScan Enterprise plug-in,
   VSPLUGIN.DLL, has been updated to resolve
   the potential exploit.

Notes:
   An administrator can install this release by
   adding the package to the ePolicy
   Orchestrator or Protection Pilot repository,
   for deployment via an agent update.

   This vulnerability was discovered by Reed
   Arvin.


The attached files are provided as is, and with
no warranty either expressed or implied as to
their suitability for any particular use or
purpose. McAfee, Inc. assumes no liability for
damages incurred either directly or indirectly
as a result of the use of these files,
including but not limited to the loss or damage
of data or systems, loss of business or
revenue, or incidental damages arising from
their use. HotFix files should be applied only
on the advice of McAfee Technical Support, and
only when you are actually experiencing the
issue being addressed by the HotFix. HotFix
files should not be proactively applied in
order to prevent potential product issues. You
are responsible for reading and following all
instructions for preparation, configuration,
and installation of HotFix files. HotFix files
are not a substitute or replacement for product
Service Packs which may be released by McAfee,
Inc. It is a violation of your software license
agreement to distribute or share these files
with any other person or entity without written
permission from McAfee, Inc. Further, posting
of McAfee HotFix files to publicly available
Internet sites is prohibited. McAfee, Inc.
reserves the right to refuse distribution of
HotFix files to any company or person guilty of
unlawful distribution of McAfee software
products. Questions or issues with McAfee
HotFix files should be directed to McAfee
Technical Support.

(c) 2005 McAfee, Inc. All Rights Reserved.
