CVE-2019-3648

Name of the Vulnerable Software and Affected Versions McAfee Total Protection versions 16.0.R22 and earlier McAfee Anti-Virus Plus (affected versions not specified) McAfee Internet Security (affected versions not specified)

Description A Privilege Escalation issue in McAfee products allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. The vulnerability is related to insufficient validation of third-party files loaded from inappropriate directories and a lack of digital signature verification. Exploitation of this issue may enable an attacker to elevate privileges and execute malicious code by loading malicious files.

Recommendations For McAfee Total Protection versions 16.0.R22 and earlier, update to a version later than 16.0.R22 to resolve the issue. For McAfee Anti-Virus Plus and McAfee Internet Security, at the moment, there is no information about a newer version that contains a fix for this vulnerability.