CVE-2019-3634

Name of the Vulnerable Software and Affected Versions McAfee Data Loss Prevention (DLPe) for Windows versions prior to 11.3.2.8

Description The issue allows a local user to cause the Windows operating system to crash via an encrypted message sent to DLPe, which when decrypted results in DLPe reading unallocated memory. This is achieved by exploiting a buffer overflow in the software.

Recommendations For versions prior to 11.3.2.8, update to version 11.3.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the encrypted message handling functionality in DLPe to minimize the risk of exploitation.