PT-2016-4012 · Mcafee · Mcafee File Lock

Kyriakos Economou

Published

2016-01-29

Updated

2016-03-04

CVE-2015-8772

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions McAfee File Lock versions 5.x

Description The issue allows local users to obtain sensitive information from kernel memory or cause a denial of service, resulting in a system crash. This is achieved via a large VERIFY INFORMATION.Length value in an IOCTL DISK VERIFY ioctl call to the McPvDrv.sys driver.

Recommendations For McAfee File Lock version 5.x, update the McPvDrv.sys driver to a version that does not allow large VERIFY INFORMATION.Length values in an IOCTL DISK VERIFY ioctl call.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

CVE-2015-8772

Affected Products

Mcafee File Lock

PT-2016-4012 · Mcafee · Mcafee File Lock

CVE-2015-8772

Weakness Enumeration

Related Identifiers

Affected Products

References · 3