CVE-2008-1855

Name: CVE-2008-1855
Creator: NVD / NIST
Published: 2008-04-16T19:05:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 7.58%

Last modified Jun 16, 2026

CVE-2008-1855 is a vulnerability of currently unknown severity. FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.. EPSS estimates a 7.58% chance of exploitation in the next 30 days.

Description

FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.

Metrics

EPSS Probability

7.58%

93.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Mcafee	Cma	<= 3.6.0.574

References

Timeline

Published: Apr 16, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-1855?

How severe is CVE-2008-1855?

Severity scoring for CVE-2008-1855 is pending analysis. The EPSS model estimates a 7.58% probability of exploitation in the next 30 days.

How do I fix CVE-2008-1855?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-1855?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST