CVE-2020-7279

Published: Jun 10, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.

Affected (16)

Products: Mcafee: Host Intrusion Prevention

Mcafee

1 product

Host Intrusion Prevention

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Mcafee Host Intrusion Prevention	Version 8.0.0
Mcafee Host Intrusion Prevention	Version 8.0.0 p10
Mcafee Host Intrusion Prevention	Version 8.0.0 p11
Mcafee Host Intrusion Prevention	Version 8.0.0 p12
Mcafee Host Intrusion Prevention	Version 8.0.0 p13
Mcafee Host Intrusion Prevention	Version 8.0.0 p14
Mcafee Host Intrusion Prevention	Version 8.0.0 p15
Mcafee Host Intrusion Prevention	Version 8.0.0 p1
Mcafee Host Intrusion Prevention	Version 8.0.0 p2
Mcafee Host Intrusion Prevention	Version 8.0.0 p3
Mcafee Host Intrusion Prevention	Version 8.0.0 p4
Mcafee Host Intrusion Prevention	Version 8.0.0 p5
Mcafee Host Intrusion Prevention	Version 8.0.0 p6
Mcafee Host Intrusion Prevention	Version 8.0.0 p7
Mcafee Host Intrusion Prevention	Version 8.0.0 p8
Mcafee Host Intrusion Prevention	Version 8.0.0 p9

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10320

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10320

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.