New security advisory about McAfee VirusScan version 10.x vulnerability has been released recently.
This issue has been assigned to Secunia's SA19451, FrSIRT's ADV-2006-1176 etc. I have posted this information to common mailing lists too.
Vendor has fixed the flaw in January, but they didn't informed about new version release. When I asked the situation again on 2nd March, they informed about fixed (delivered) version. All localized builds has been fixed as well.
Vendor is reportedly in process to publish FAQ-type (version release) document to the McAfee/Network Associates KnowledgeBase.
I have tested non-affected product version Build 10.0.27 shipped with immune library version 5.00.06. Additionally, before vulnerability release I have asked Mitre.org to assign their CVE number to this issue. It is CVE-2004-1094 now. Co-operation with vendor worked very well.
I have reported several vulnerabilities related to this library file earlier.
Kommentit