Lucene search

TrellixCVELIST:CVE-2019-3646

HistorySep 13, 2019 - 1:05 p.m.

CVE-2019-3646 McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability

2019-09-1313:05:30

CWE-714

trellix

www.cve.org

CVSS3

6.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.

CNA Affected

[
  {
    "product": "McAfee Total Protection - Free Antivirus Trial",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThanOrEqual": "16.0.R18",
        "status": "affected",
        "version": "16.0",
        "versionType": "custom"
      }
    ]
  }
]

References

service.mcafee.com/FAQDocument.aspx?&id=TS102968

CVSS3

6.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2019-3646