PT-2024-9205 · McAfee · McAfee Total Protection

Published: 2024-07-24 · Updated: 2024-11-27 · CVE-2024-49592

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: McAfee Total Protection version 16.0.53
Description: The issue is related to an Uncontrolled Search Path Element in the McAfee Direct Stub Installer, which can allow an attacker to elevate their privileges and execute arbitrary code. This can be achieved through a type of attack known as "DLL-squatting." The vulnerability only affects the execution of the installer and does not leave McAfee Total Protection in a vulnerable state after installation is completed.
Recommendations: For version 16.0.53, consider disabling the vulnerable installer component until a patch is available. Restrict access to the installer to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Uncontrolled Search Path Element

Related Identifiers

BDU:2024-10893
CVE-2024-49592
ZDI-24-1517

Affected Products

McAfee Total Protection