McAfee ePolicy Orchestrator ActiveX Exploit

This module exploits a vulnerability in the SiteManager ActiveX Control (sitemanager.dll). A validation error in the ExportSiteList() method allows an attacker to run arbitrary code on the target system. The module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When a client connects, it will try to install a Level0v2 agent by exploiting this vulnerability.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2007-1498
Product Version: 
6.2
Released Date: 
Wednesday, April 11, 2007 - 00:00