CVE-2019-3646

Published: Sep 13, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.6 / Impact: 5.9

Source: NVD

Description

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.

Affected (1)

Products: Mcafee: Total Protection

1 product

Total Protection

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Total Protection	Up to 16.0.r18

Related CWEs

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (2)

http://service.mcafee.com/FAQDocument.aspx?&id=TS102968

Source: trellixpsirt@trellix.com

http://service.mcafee.com/FAQDocument.aspx?&id=TS102968

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.