CVE-2019-3667

Name of the Vulnerable Software and Affected Versions McAfee Tech Check versions 3.0.0.17 and earlier

Description The issue is related to a DLL Search Order Hijacking vulnerability in the Microsoft Windows client component of McAfee Tech Check. This vulnerability allows local users to execute arbitrary code by placing a malicious local folder in a specific location. The exploitation of this vulnerability is connected to the loading of a non-existent dynamic library, which can enable an attacker to execute arbitrary code.

Recommendations For McAfee Tech Check versions 3.0.0.17 and earlier, consider restricting access to the local folder where the dynamic library is loaded until a patch is available. As a temporary workaround, avoid using the affected McAfee Tech Check component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.