Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for McAfee Total Protection - Free Antivirus Trial by McAfee, LLC

    CVE-2019-3646 (GCVE-0-2019-3646)

    Vulnerability from nvd – Published: 2019-09-13 13:05 – Updated: 2024-09-17 04:14
    VLAI
    Title
    McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability
    Summary
    DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
    CWE
    • CWE-714 - Malicious File Execution (CWE-714, OWASP 2004:A3)
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.714Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Total Protection - Free Antivirus Trial",
              "vendor": "McAfee, LLC",
              "versions": [
                {
                  "lessThanOrEqual": "16.0.R18",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-714",
                  "description": "Malicious File Execution (CWE-714, OWASP 2004:A3)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-13T13:05:30.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "",
              "ID": "CVE-2019-3646",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Total Protection - Free Antivirus Trial",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c=",
                                "version_name": "16.0",
                                "version_value": "16.0.R18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee, LLC"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Malicious File Execution (CWE-714, OWASP 2004:A3)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "EXTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3646",
        "datePublished": "2019-09-13T13:05:30.972Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:09.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3646 (GCVE-0-2019-3646)

    Vulnerability from cvelistv5 – Published: 2019-09-13 13:05 – Updated: 2024-09-17 04:14
    VLAI
    Title
    McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability
    Summary
    DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
    CWE
    • CWE-714 - Malicious File Execution (CWE-714, OWASP 2004:A3)
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.714Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Total Protection - Free Antivirus Trial",
              "vendor": "McAfee, LLC",
              "versions": [
                {
                  "lessThanOrEqual": "16.0.R18",
                  "status": "affected",
                  "version": "16.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-714",
                  "description": "Malicious File Execution (CWE-714, OWASP 2004:A3)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-13T13:05:30.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "",
              "ID": "CVE-2019-3646",
              "STATE": "PUBLIC",
              "TITLE": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Total Protection - Free Antivirus Trial",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c=",
                                "version_name": "16.0",
                                "version_value": "16.0.R18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee, LLC"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Malicious File Execution (CWE-714, OWASP 2004:A3)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968",
                  "refsource": "CONFIRM",
                  "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102968"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "EXTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3646",
        "datePublished": "2019-09-13T13:05:30.972Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:09.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }