McAfee will issue a patch tomorrow for a vulnerability affecting its SecurityCenter application, a security software management tool.
The vulnerability, rated 'medium' by McAfee with respect to its severity, could allow an unauthorised user to run code on a remote machine, the vendor said. It affects McAfee's SecurityCenter versions 4.3 to 6.0.22.
Security vendor eEye notified McAfee of the vulnerability on 19 July. Eeye withheld details of the vulnerability to not put users at risk, rating the problem as 'critical'.
McAfee said today it's testing the patch, which it will release tomorrow. Some customers will receive the patch through an automated update system, while those who have opted for manual updates will have to download the patch.
Customers should verify they have the latest software updates by visiting this site.
For a successful attack, a user would have to open a malicious web page seeking to exploit the vulnerability, McAfee said. The attacker would then have the same user rights as the person running the machine.
The attacker could also delete files or install other programs on the machine, eEye said in its advisory.
McAfee has a 18.8 percent revenue share of the antivirus market, coming in second behind Symantec at 53.6 percent, according to market analyst Gartner.