McAfee SecurityCenter versions 4.3 all through 6.0.22 open Windows systems to control by hackers. McAfee Security Center controls execution of McAfee Internet Security Suite 2006, McAfee Wireless Home Network Security, McAfee Personal Firewall Plus, McAfee VirusScan, McAfee Privacy Service, McAfee SpamKiller and McAfee AntiSpyware. Security Center version 7 was only recently released, while Version 6 is in wide use.
The vulnerability was discovered by researchers at eEye Digital Security, which has published an announcement here. The vulnerability exists for systems running Internet Explorer.
McAfee published a security advisory (McAfee bug), though the company made no announcement on its home page or virus information pages of its product’s vulnerability. McAfee’s bulletin does not describe OS or Internet Explorer details but does describe how the threat would be exploited:
This attack requires the consumer to perform certain actions in order to be exploited. For example receiving an e-mail from an un-trusted source and clicking on a malicious URL. ...In order to accomplish this exploit, a user would have to force internet explorer (sic) to render a malicious web page which has been generated by the attacker. The attack requires reverse engineering of the software as well as the assistance of the user.
McAfee has made available a patch to SecurityCenter. Login at McAfee’s site or click 'Update' in Security Center
What computer user does not use or rely upon security software such as McAfee's to protect his systems from malicious software? It is instructive to remember that the security tools, too, are not invulnerable. See also, for example, these reports of security software vulnerabilities, Sophos, Kaspersky, Symantec.