CVE-2021-31844

Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention (DLP) Endpoint for Windows versions prior to 11.6.200

Description: A buffer overflow issue allows a local attacker to execute arbitrary code with elevated privileges by placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Recommendations: For versions prior to 11.6.200, update to version 11.6.200 or later to resolve the issue. As a temporary workaround, consider restricting access to Ami Pro (.sam) files to minimize the risk of exploitation. Avoid triggering DLP Endpoint scans on potentially malicious files until the issue is resolved.