CVE-2016-4534
3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
6.5 Medium
AI Score
Confidence
Low
3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:S/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
34.5%
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mcafee:virusscan_enterprise | mcafee virusscan enterprise | eq | 8.8.0 |
| microsoft:windows | microsoft windows | eq | * |
References
packetstormsecurity.com/files/download/136089/mcafeevses-bypass.html
seclists.org/fulldisclosure/2016/Mar/13
www.securitytracker.com/id/1035754
kc.mcafee.com/corporate/index?page=content&id=SB10158
kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26485/en_US/VSE_8_8_HF1123565_release_notes.pdf
lab.mediaservice.net/advisory/2016-01-mcafee.txt
www.exploit-db.com/exploits/39531/
Related
3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
6.5 Medium
AI Score
Confidence
Low
3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:S/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
34.5%