CVE-2019-3646

Name of the Vulnerable Software and Affected Versions McAfee Total Protection versions prior to 16.0.R18

Description The issue is related to the use of an untrusted path when loading dynamic link libraries (DLLs), which can be exploited to execute arbitrary code. This can be achieved by placing a compromised folder in a specific location, allowing an attacker with administrator rights to execute code locally.

Recommendations For versions prior to 16.0.R18, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the DLL loading mechanism to minimize the risk of exploitation.