CVE-2018-6669

Name of the Vulnerable Software and Affected Versions McAfee Application Control / Change Control version 7.0.1 and earlier

Description The issue is related to a whitelist bypass, allowing a remote or local user to execute blacklisted files. This is due to errors in the implementation of the blacklist mechanism. Exploitation of this issue may enable an attacker to bypass existing restrictions on file execution and execute arbitrary code.

Recommendations For McAfee Application Control / Change Control version 7.0.1 and earlier, consider restricting access to ASP.NET forms until a patch is available. As a temporary workaround, review and strengthen the implementation of the blacklist mechanism to prevent the execution of blacklisted files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.