cancel
Showing results for 
Search instead for 
Did you mean: 
patchie
Level 7

Attack type: MDAC Code Execution Vulnerability

hi, I am the onsite support at a firm.

5 of our users get this error message in the McAfee Host Intrusion Prevention Log:

McAfee Host Intrusion Prevention Log
30. oktober 2009  13:01:29

Time:         30.10.2009 13:00:37
Event:         McAfee Host  Intrusion Prevention
IP Address/User: ---------
Description:      Internet Explorer (iexplore)
Path:         C:\Program Files\Internet  Explorer\IEXPLORE.EXE
Message:     Attack type: MDAC Code Execution  Vulnerability

They get this error when they try to view "ms project web access"(web interface) and the browser window hangs.

If i turn off host intrusion prevension, then the users can view the webpage normally.

Does anyone have any idea what I can do about this problem?

Message was edited by: patchie on 12/8/09 7:45:23 AM CST
0 Kudos
3 Replies
SReilley
Level 7

Re: Attack type: MDAC Code Execution Vulnerability

You need to create an exception for that specific IPS signature in the EPO console. Or you could disable the signature altogether. Either way I would recomend making sure that the machine has the MS patch applied to it for this specific vulnerability.

0 Kudos
SReilley
Level 7

Re: Attack type: MDAC Code Execution Vulnerability

The specific signature you will need to create an exception to or disable is 3748

0 Kudos
Mal09
Level 12

Re: Attack type: MDAC Code Execution Vulnerability

While switching off the HIPS rule is a good workaround, it's not really a solution.

This one should probably be escalated through support channels to get it investigated and the signature improved.

0 Kudos