Search criteria
2 vulnerabilities found for McAfee Total Protection - Free Antivirus Trial by McAfee, LLC
CVE-2019-3646 (GCVE-0-2019-3646)
Vulnerability from cvelistv5 – Published: 2019-09-13 13:05 – Updated: 2024-09-17 04:14
VLAI?
Title
McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability
Summary
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
Severity ?
6.9 (Medium)
CWE
- CWE-714 - Malicious File Execution (CWE-714, OWASP 2004:A3)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee, LLC | McAfee Total Protection - Free Antivirus Trial |
Affected:
16.0 , ≤ 16.0.R18
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Total Protection - Free Antivirus Trial",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThanOrEqual": "16.0.R18",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-714",
"description": "Malicious File Execution (CWE-714, OWASP 2004:A3)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-13T13:05:30",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "",
"ID": "CVE-2019-3646",
"STATE": "PUBLIC",
"TITLE": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Total Protection - Free Antivirus Trial",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "16.0",
"version_value": "16.0.R18"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious File Execution (CWE-714, OWASP 2004:A3)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3646",
"datePublished": "2019-09-13T13:05:30.972134Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:14:09.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3646 (GCVE-0-2019-3646)
Vulnerability from nvd – Published: 2019-09-13 13:05 – Updated: 2024-09-17 04:14
VLAI?
Title
McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability
Summary
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
Severity ?
6.9 (Medium)
CWE
- CWE-714 - Malicious File Execution (CWE-714, OWASP 2004:A3)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee, LLC | McAfee Total Protection - Free Antivirus Trial |
Affected:
16.0 , ≤ 16.0.R18
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "McAfee Total Protection - Free Antivirus Trial",
"vendor": "McAfee, LLC",
"versions": [
{
"lessThanOrEqual": "16.0.R18",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-714",
"description": "Malicious File Execution (CWE-714, OWASP 2004:A3)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-13T13:05:30",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "",
"ID": "CVE-2019-3646",
"STATE": "PUBLIC",
"TITLE": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Total Protection - Free Antivirus Trial",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "16.0",
"version_value": "16.0.R18"
}
]
}
}
]
},
"vendor_name": "McAfee, LLC"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious File Execution (CWE-714, OWASP 2004:A3)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3646",
"datePublished": "2019-09-13T13:05:30.972134Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:14:09.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}