26 matches found
CVE-2021-23874
CVE-2021-23874 affects McAfee Total Protection (MTP) versions prior to 16.0.30. The vulnerability is an Arbitrary Process Execution leading to local privilege escalation and code execution by a local user, bypassing MTP self-defense. Affected component: MTP privilege management; root cause: impro...
CVE-2019-3617
CVE-2019-3617 affects McAfee Total Protection (ToPS) for macOS prior to 4.6. A local user can escalate privileges to root due to incorrect protection of temporary files. Vulnerable component is ToPS for Mac OS; root-level impact is stated. Exploitation details are not provided in the supplied doc...
CVE-2019-3646
CVE-2019-3646 affects Microsoft Windows client components of McAfee Total Protection (MTP) Free Antivirus Trial, up to and including version 16.0.R18. It is described as a DLL search order hijacking vulnerability that allows a local attacker with administrator rights to cause arbitrary code execu...
CVE-2020-7282
CVE-2020-7282 affects McAfee Total Protection (MTP) prior to 16.0.R26. A local attacker can escalate privileges and delete files by exploiting symbolic-link manipulation that redirects a McAfee delete action to an unintended file, using a malicious script or program on the target machine. A fix e...
CVE-2020-7283
CVE-2020-7283 is a privilege-escalation issue affecting McAfee Total Protection (MTP) prior to 16.0.R26. The vulnerability arises from symbolic link manipulation that lets a local attacker, who can run a malicious script/program on the target, create and edit files in locations they normally cann...
CVE-2023-25134
Summary: CVE-2023-25134 affects McAfee Total Protection prior to 16.0.50. An adversary with full administrative access can modify a McAfee-specific COM in the Windows Registry, enabling loading of a malicious payload. Affected product/version: McAfee Total Protection pre-16.0.50. Root cause: insu...
CVE-2021-23877
CVE-2021-23877 concerns the Windows trial installer of McAfee Total Protection (MTP) prior to version 16.0.34_x. The issue enables a local user to escalate privileges by replacing a specific temporary file created during installation, potentially allowing code execution with admin privileges. Aff...
CVE-2021-23873
CVE-2021-23873 affects McAfee Total Protection (MTP) prior to version 16.0.30. The vulnerability is a local privilege escalation via manipulation of directory junctions in the QuickClean component, allowing a local attacker to gain SYSTEM privileges and perform arbitrary file deletions, potential...
CVE-2023-24579
CVE-2023-24579 concerns McAfee Total Protection prior to 16.0.51. The vulnerability allows a local attacker to trick a user into uninstalling the product via the command prompt. The description does not include specific exploit details, affected components, or remediation steps in the provided do...
CVE-2009-1348
CVE-2009-1348 affects McAfee antivirus products (VirusScan, Total Protection, Internet Security, SecurityShield for ISA Server/SharePoint, Security for Email Servers/Email Gateway, Active Virus Defense, etc.). The issue is a virus-detection bypass caused by malformed archive metadata in ZIP/RAR f...
CVE-2023-24578
CVE-2023-24578 affects McAfee Total Protection prior to 16.0.49. The root cause is DLL sideloading in the product, allowing a local, low-privilege user to elevate privileges and perform unauthorized tasks. Affected software is McAfee Total Protection; the issue is tied to DLL search path handling...
CVE-2022-43751
CVE-2022-43751 affects McAfee Total Protection prior to version 16.0.49. The issue is an uncontrolled search path element caused by a variable pointing to a subdirectory that may be controlled by an unprivileged user, potentially allowing arbitrary code execution with system privileges. Documente...
CVE-2019-3648
CVE-2019-3648 is a local privilege-escalation in McAfee Total Protection for Windows (client) affecting 16.0.R22 and earlier. The root cause is privilege-protected file placements that allow an administrator to execute arbitrary code. Impact is local code execution with elevated privileges if a a...
CVE-2020-7335
CVE-2020-7335 affects McAfee Total Protection for Windows prior to 16.0.29. The flaw is a local privilege escalation via manipulation of a folder using a junction link, exploiting a timing-related protection gap. Impact is elevated privileges (local user) with full system access in some vectors; ...
CVE-2020-7281
This CVE affects McAfee Total Protection (MTP) before version 16.0.R26. The issue is a local privilege-escalation where an attacker can cause a McAfee delete operation to target an unintended file by manipulating symbolic links, via running a malicious script/program on the target. The root cause...
CVE-2021-23876
CVE-2021-23876 affects McAfee Total Protection (MTP) prior to version 16.0.30. The vulnerability is a local bypass of Remote Procedure Call that allows a local user to gain SYSTEM privileges and perform arbitrary file modifications, potentially causing denial of service via malware execution. Evi...
CVE-2017-4028
CVE-2017-4028 describes a registry misconfiguration vulnerability that affects all Microsoft Windows products within McAfee consumer and corporate offerings. The underlying issue is manipulation of registry parameters to inject arbitrary code into a debugged McAfee process, granting local access ...
CVE-2019-3636
McAfee Total Protection Windows client (versions up to 16.0.R21) is affected by CVE-2019-3636, a local File Masquerade vulnerability that lets an attacker read the plaintext list of AV-Scan exclusion files from the Windows registry and potentially replace excluded files with malware without detec...
CVE-2020-7298
CVE-2020-7298 affects McAfee Total Protection (MTP) prior to 16.0.R26. The vulnerability allows a local attacker to disable real-time scanning by supplying a specially crafted object that triggers a specific function call. Publicly available documents confirm the affected product and the basic im...
CVE-2020-7310
CVE-2020-7310 describes a privilege-escalation flaw in the installer of McAfee Total Protection (MTP) trial before version 4.0.161.1. The issue arises from manipulating symbolic links to redirect McAfee file operations to an unintended file, enabling local users to modify files governed by write-...
CVE-2021-23872
Summary: CVE-2021-23872 affects McAfee Total Protection (MTP) — File Lock component. **Root cause:**Privilege escalation by manipulating a symbolic link through the IOCTL interface. Impact: local user gains elevated privileges (confidentiality, integrity, and availability impact rated High). Affe...
CVE-2023-24577
CVE-2023-24577 : McAfee Total Protection prior to 16.0.50 is affected by an improper link resolution issue via registry keys, enabling local privilege escalation for users with lower privileges. The vulnerability is tied to the product’s handling of registry keys, resulting in the ability to elev...
CVE-2019-3593
CVE-2019-3593 tracks a privilege/trust vulnerability in the Windows client of McAfee Total Protection (MTP) before version 16.0.R18 . The issue allows local attackers to bypass the product’s self‑protection, tamper with policies and product files, and uninstall McAfee software via specially craft...
CVE-2020-7330
CVE-2020-7330 affects McAfee Total Protection (MTP) trial versions before 4.0.176.1. Multiple sources describe a privilege-escalation flaw where a local user can schedule tasks that invoke malware to execute with elevated privileges by editing environment variables. Root cause centers on environm...
CVE-2019-3587
CVE-2019-3587 applies to the Windows client of McAfee Total Protection (MTP) prior to version 16.0.18 . The vulnerability is a DLL Search Order Hijacking issue that enables local code execution when a user runs from a compromised folder. Affected product: McAfee Total Protection (Windows client)....
CVE-2021-23891
McAfee Total Protection (MTP) before version 16.0.32 contains a local privilege escalation vulnerability. A local user can impersonate a client token to bypass MTP self-defense and gain elevated privileges. Affected component: token/auth handling within MTP. Root cause: impersonation of a client ...