Lucene search

TrellixCVELIST:CVE-2019-3667

HistoryDec 11, 2019 - 6:25 a.m.

CVE-2019-3667 DLL Search Order Hijacking

2019-12-1106:25:17

trellix

www.cve.org

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L

0.001 Low

EPSS

Percentile

30.3%

JSON

DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.

CNA Affected

[
  {
    "product": "McAfee TechCheck",
    "vendor": "McAfee, LLC",
    "versions": [
      {
        "lessThan": "prior to 3.0.0.17",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L

0.001 Low

EPSS

Percentile

30.3%

JSON

Related for CVELIST:CVE-2019-3667