CVE-2019-3667

Published: Dec 11, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.

Affected (1)

Products: Mcafee: Techcheck

Mcafee

1 product

Techcheck

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Techcheck	Up to 3.0.0.17

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996

Source: trellixpsirt@trellix.com

https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.