CVE-2019-3585

Name of the Vulnerable Software and Affected Versions McAfee VirusScan Enterprise versions 8.8 prior to Patch 14

Description The issue is related to a Privilege Escalation vulnerability in the McTray.exe file of McAfee VirusScan Enterprise. This vulnerability may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges by running McAfee Tray with elevated privileges. The vulnerability is associated with insufficient access control.

Recommendations For McAfee VirusScan Enterprise version 8.8 prior to Patch 14, apply Patch 14 to resolve the issue. As a temporary workaround, consider restricting the use of the McTray.exe file to minimize the risk of exploitation. Avoid running McAfee Tray with elevated privileges until the issue is resolved.