8 matches found
CVE-2018-6661
CVE-2018-6661 : McAfee True Key contains a DLL side-loading privilege-escalation vulnerability. Affected: True Key prior to 4.20.110. Root cause: DLL signature not verified, enabling local users to gain elevated privileges by loading a crafted DLL. Impact: local privilege elevation as described i...
CVE-2019-3610
The CVE-2019-3610 entry applies to the McAfee True Key Windows client. Affected software: McAfee True Key (Windows client) v3.1.9211.0 and earlier. Issue: local information disclosure via specially crafted malware, enabling a local attacker to exfiltrate confidential data. CVSS details indicate L...
CVE-2018-6756
The CVE-2018-6756 entry concerns McAfee True Key (TK) Windows Client with affected version(s) up to 5.1.230.7, where an Authentication Abuse vulnerability enables local users to execute unauthorized commands via specially crafted malware. Connected documents corroborate local privilege/escalation...
CVE-2018-6757
McAfee True Key Windows client (TK) vulnerable to local privilege escalation on version 5.1.230.7 and earlier due to issues in the McAfee.TrueKey.Service implementation (notably SecureExecute). Public reports indicate multiple local-elevation vulnerability variants that can allow a non-privileged...
CVE-2018-6755
CVE-2018-6755 affects the McAfee True Key Windows client (TK) up to at least 5.1.230.7. The vulnerability is a Weak Directory Permission vulnerability in the Windows client that allows a local attacker to execute arbitrary code via specially crafted malware. Connected documents reference a local-...
CVE-2020-7299
CVE-2020-7299 affects the McAfee True Key Windows client. The vulnerability is a cleartext storage of sensitive information in memory, enabling a local administrator to access another user’s passwords on the same machine by triggering a process dump. Affected are True Key versions prior to 6.2.10...
CVE-2018-6700
CVE-2018-6700 corresponds to a DLL Search Order Hijacking vulnerability in McAfee True Key (TK) on Windows Client, prior to version 5.1.165. The root cause is exploitation of DLL search order to load malicious code locally, enabling arbitrary code execution by a local attacker with no credentials...
CVE-2018-6682
The CVE-2018-6682 entry concerns McAfee True Key (TK), where Cross Site Scripting exposes confidential data to local users via a crafted website in TK 4.0.0.0 and earlier. Affected component: the True Key web context handling (XSS exposure). Root cause: unclear in the provided documents beyond th...