CVE-2021-31841

Name of the Vulnerable Software and Affected Versions McAfee Agent for Windows versions prior to 5.7.4

Description A DLL sideloading issue could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.

Recommendations For versions prior to 5.7.4, update to version 5.7.4 or later to resolve the issue. As a temporary workaround, consider restricting the ability to load unsigned DLLs in specific locations to minimize the risk of exploitation.