EUVD-2017-13015

Malware in sbrugna...

CVE-2016-4535

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service memory corruption and crash via a crafted packed executable...

Mccafé McAfee LiveSafe MiTM RCE Vulnerability CVE-2017-3898 research topic-vulnerability warning-the black bar safety net

Vulnerability flaws bug overview The vulnerability flaws bugs affecting McAfee LiveSafe MLS 16.0.3 previous all version, the presence of the long-distance code to fulfill. This vulnerability flaws bug to allow the invasion of the attacker via the process of tampering with the HTTP after the end o...

McAfee LiveSafe Man-in-the-Middle Vulnerability

McAfee LiveSafe is prone to a man-in-the-middle vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mcafee:livesafe";...

McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution

McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution Vulnerabilities Summary The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe MLS versions prior to 16.0.3. The vulnerability allows network attackers to modi...

McAfee LiveSafe (MLS) Man-in-the-Middle Attack Vulnerability

McAfee livesafe is defense against viruses and malware. A man-in-the-middle attack vulnerability exists in the McAfee livesafe non-certificate authentication mechanism implementation, which can be exploited by a remote attacker to submit a special request to modify Windows registry values...

CVE-2017-3898

A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe MLS versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response...

Authentication flaw

A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe MLS versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response...

CVE-2017-3898

A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe MLS versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response...

CVE-2017-3898

CVE-2017-3898 affects McAfee LiveSafe (MLS) prior to 16.0.3 and is tied to a MitM flaw in the non‑certificate‑based authentication used during HTTP backend responses. An attacker on the network could manipulate the Windows registry value associated with McAfee updates, potentially enabling remote...

McAfee LiveSafe Denial of Service Vulnerability

McAfee LiveSafe is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

McAfee LiveSafe Detection (Windows SMB Login)

Detects the installed version of McAfee LiveSafe. The script logs in via smb, searches for string SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

McAfee LiveSafe AV Engine Integer Sign Error Vulnerability

McAfee LiveSafe is a security suite that provides a full range of real-time protection for data and identities on all devices. av engine is part of the McAfee LiveSafe suite and is used to protect devices from cyberattacks. An integer sign error vulnerability exists in McAfee LiveSafe AV, which...

CVE-2016-4535

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service memory corruption and crash via a crafted packed executable...

CVE-2016-4535

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service memory corruption and crash via a crafted packed executable...

Integer overflow

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service memory corruption and crash via a crafted packed executable...

CVE-2016-4535

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service memory corruption and crash via a crafted packed executable...

CVE-2016-4535

CVE-2016-4535 describes an integer signedness error in the McAfee LiveSafe AV engine prior to DAT 8145 (14.0). The flaw allows remote attackers to trigger memory corruption and a denial of service by processing a crafted packed executable, potentially crashing mscan64a.dll on Windows. Public refe...

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=817 Fuzzing packed executables with McAfee's LiveSafe 14.0 on Windows found a signedness error parsing sections and relocations. The attached fuzzed testcase...

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=817 Fuzzing packed executables with McAfee's LiveSafe 14.0 on Windows found a signedness error parsing sections and relocations. The attached fuzzed testcase demonstrates this and causes a crash in mscan64a.dll. I verified that thi...