Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Total Protection (MTP) by Mcafee
CVE-2019-3587 (GCVE-0-2019-3587)
Vulnerability from nvd – Published: 2019-01-23 15:00 – Updated: 2024-08-04 19:12
VLAI
EPSS
VEX
Title
DLL Search Order Hijacking vulnerability
Summary
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.
Severity
7.2 (High)
CWE
- DLL Search Order Hijacking vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://service.mcafee.com/FAQDocument.aspx?&id=TS102887 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mcafee | Total Protection (MTP) |
Affected:
All , < 16.0.R18
(custom)
|
Date Public
2019-01-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Total Protection (MTP)",
"vendor": "Mcafee",
"versions": [
{
"lessThan": "16.0.R18",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Search Order Hijacking vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-23T14:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102887"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DLL Search Order Hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3587",
"STATE": "PUBLIC",
"TITLE": "DLL Search Order Hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Total Protection (MTP)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "16.0.R18"
}
]
}
}
]
},
"vendor_name": "Mcafee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102887",
"refsource": "MISC",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102887"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3587",
"datePublished": "2019-01-23T15:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3587 (GCVE-0-2019-3587)
Vulnerability from cvelistv5 – Published: 2019-01-23 15:00 – Updated: 2024-08-04 19:12
VLAI
EPSS
VEX
Title
DLL Search Order Hijacking vulnerability
Summary
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.
Severity
7.2 (High)
CWE
- DLL Search Order Hijacking vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://service.mcafee.com/FAQDocument.aspx?&id=TS102887 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mcafee | Total Protection (MTP) |
Affected:
All , < 16.0.R18
(custom)
|
Date Public
2019-01-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Total Protection (MTP)",
"vendor": "Mcafee",
"versions": [
{
"lessThan": "16.0.R18",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Search Order Hijacking vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-23T14:57:01.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102887"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DLL Search Order Hijacking vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2019-3587",
"STATE": "PUBLIC",
"TITLE": "DLL Search Order Hijacking vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Total Protection (MTP)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "16.0.R18"
}
]
}
}
]
},
"vendor_name": "Mcafee"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Search Order Hijacking vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102887",
"refsource": "MISC",
"url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS102887"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2019-3587",
"datePublished": "2019-01-23T15:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:12:09.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}