PT-2019-5832 · Mcafee · Mcafee Total Protection

Published

2019-09-12

Updated

2019-10-09

CVE-2019-3646

CVSS v3.1

6.9

Medium

Vector

AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions McAfee Total Protection versions prior to 16.0.R18

Description The issue is related to the use of an untrusted path when loading dynamic link libraries (DLLs), which can be exploited to execute arbitrary code. This can be achieved by placing a compromised folder in a specific location, allowing an attacker with administrator rights to execute code locally.

Recommendations For versions prior to 16.0.R18, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the DLL loading mechanism to minimize the risk of exploitation.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426CWE-714

Related Identifiers

BDU:2021-03218

CVE-2019-3646

Affected Products

Mcafee Total Protection

PT-2019-5832 · Mcafee · Mcafee Total Protection

CVE-2019-3646

Weakness Enumeration

Related Identifiers

Affected Products

References · 6