Flaw discovered in McAfee ePolicy Orchestrator

Flaw discovered in McAfee ePolicy Orchestrator: "A vulnerability in the agent software of McAfee's ePolicy Orchestrator (ePO) could enable hackers to gain unauthorised access to a system and perform a variety of malicious acts. EPolicy Orchestrator is security management software that provides a centralised console for managing McAfee enterprise security product such as Total Protection, a solution McAfee rolled out in April that combines antivirus, antispyware, antispam, firewall and intrusion-prevention features. The vulnerability, which affects ePO's Common Management Agent version 3.5.0 and older, stems from a directory traversal design flaw that could allow remote attackers to create any type of file on a compromised system, including trojans and other malware, said Marc Maiffret, co-founder and CTO at eEye Digital Security, the vendor that discovered the vulnerability."