Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for internet_security by mcafee

    CVE-2019-3648 (GCVE-0-2019-3648)

    Vulnerability from nvd – Published: 2019-11-13 08:55 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Implicit loading of DLLs
    Summary
    A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee,LLC McAfee Total Protection Affected: 16.0.x , < 16.0.R22 Refresh 1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Total Protection",
              "vendor": "McAfee,LLC",
              "versions": [
                {
                  "lessThan": "16.0.R22 Refresh 1",
                  "status": "affected",
                  "version": "16.0.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-18T19:37:54.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Implicit loading of DLLs",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3648",
              "STATE": "PUBLIC",
              "TITLE": "Implicit loading of DLLs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Total Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "16.0.x",
                                "version_value": "16.0.R22 Refresh 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee,LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984"
                },
                {
                  "name": "https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648",
                  "refsource": "MISC",
                  "url": "https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3648",
        "datePublished": "2019-11-13T08:55:53.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4028 (GCVE-0-2017-4028)

    Vulnerability from nvd – Published: 2018-04-03 22:00 – Updated: 2024-09-17 01:25
    VLAI
    Title
    SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability
    Summary
    Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.
    CWE
    • Maliciously misconfigured registry vulnerability
    Assigner
    References
    Impacted products
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10193"
              },
              {
                "name": "97958",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97958"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Anti-Virus Plus (AVP)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "29 Mar 2017",
                  "status": "affected",
                  "version": "170329",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Endpoint Security (ENS)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "10.2 DAT V3 DAT 2932.0",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Host Intrusion Prevention (Host IPS)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.0 Patch 9 Hotfix 1188590",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Internet Security (MIS)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "29 Mar 2017",
                  "status": "affected",
                  "version": "170329",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Total Protection (MTP)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "29 Mar 2017",
                  "status": "affected",
                  "version": "170329",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Virus Scan Enterprise (VSE)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.8 Patch 8/9 Hotfix 1187884",
                  "status": "affected",
                  "version": "8.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Maliciously misconfigured registry vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10193"
            },
            {
              "name": "97958",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97958"
            }
          ],
          "source": {
            "advisory": "SB10193",
            "discovery": "EXTERNAL"
          },
          "title": "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-05-12T17:00:00.000Z",
              "ID": "CVE-2017-4028",
              "STATE": "PUBLIC",
              "TITLE": "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Anti-Virus Plus (AVP)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "170329",
                                "version_value": "29 Mar 2017"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Endpoint Security (ENS)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "10.2",
                                "version_value": "10.2 DAT V3 DAT 2932.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Host Intrusion Prevention (Host IPS)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.0",
                                "version_value": "8.0 Patch 9 Hotfix 1188590"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Internet Security (MIS)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "170329",
                                "version_value": "29 Mar 2017"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Total Protection (MTP)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "170329",
                                "version_value": "29 Mar 2017"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Virus Scan Enterprise (VSE)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.8",
                                "version_value": "8.8 Patch 8/9 Hotfix 1187884"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Maliciously misconfigured registry vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10193",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10193"
                },
                {
                  "name": "97958",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97958"
                }
              ]
            },
            "source": {
              "advisory": "SB10193",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-4028",
        "datePublished": "2018-04-03T22:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:25:40.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3648 (GCVE-0-2019-3648)

    Vulnerability from cvelistv5 – Published: 2019-11-13 08:55 – Updated: 2024-08-04 19:12
    VLAI
    Title
    Implicit loading of DLLs
    Summary
    A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    McAfee,LLC McAfee Total Protection Affected: 16.0.x , < 16.0.R22 Refresh 1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Total Protection",
              "vendor": "McAfee,LLC",
              "versions": [
                {
                  "lessThan": "16.0.R22 Refresh 1",
                  "status": "affected",
                  "version": "16.0.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-18T19:37:54.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Implicit loading of DLLs",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "ID": "CVE-2019-3648",
              "STATE": "PUBLIC",
              "TITLE": "Implicit loading of DLLs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Total Protection",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "16.0.x",
                                "version_value": "16.0.R22 Refresh 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee,LLC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984",
                  "refsource": "CONFIRM",
                  "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102984"
                },
                {
                  "name": "https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648",
                  "refsource": "MISC",
                  "url": "https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2019-3648",
        "datePublished": "2019-11-13T08:55:53.000Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4028 (GCVE-0-2017-4028)

    Vulnerability from cvelistv5 – Published: 2018-04-03 22:00 – Updated: 2024-09-17 01:25
    VLAI
    Title
    SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability
    Summary
    Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.
    CWE
    • Maliciously misconfigured registry vulnerability
    Assigner
    References
    Impacted products
    Date Public
    2017-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10193"
              },
              {
                "name": "97958",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97958"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "McAfee Anti-Virus Plus (AVP)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "29 Mar 2017",
                  "status": "affected",
                  "version": "170329",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Endpoint Security (ENS)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "10.2 DAT V3 DAT 2932.0",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Host Intrusion Prevention (Host IPS)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.0 Patch 9 Hotfix 1188590",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Internet Security (MIS)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "29 Mar 2017",
                  "status": "affected",
                  "version": "170329",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Total Protection (MTP)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "29 Mar 2017",
                  "status": "affected",
                  "version": "170329",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "McAfee Virus Scan Enterprise (VSE)",
              "vendor": "McAfee",
              "versions": [
                {
                  "lessThan": "8.8 Patch 8/9 Hotfix 1187884",
                  "status": "affected",
                  "version": "8.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Maliciously misconfigured registry vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-04T09:57:01.000Z",
            "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
            "shortName": "trellix"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10193"
            },
            {
              "name": "97958",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97958"
            }
          ],
          "source": {
            "advisory": "SB10193",
            "discovery": "EXTERNAL"
          },
          "title": "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mcafee.com",
              "DATE_PUBLIC": "2017-05-12T17:00:00.000Z",
              "ID": "CVE-2017-4028",
              "STATE": "PUBLIC",
              "TITLE": "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "McAfee Anti-Virus Plus (AVP)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "170329",
                                "version_value": "29 Mar 2017"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Endpoint Security (ENS)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "10.2",
                                "version_value": "10.2 DAT V3 DAT 2932.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Host Intrusion Prevention (Host IPS)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.0",
                                "version_value": "8.0 Patch 9 Hotfix 1188590"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Internet Security (MIS)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "170329",
                                "version_value": "29 Mar 2017"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Total Protection (MTP)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "170329",
                                "version_value": "29 Mar 2017"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "McAfee Virus Scan Enterprise (VSE)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.8",
                                "version_value": "8.8 Patch 8/9 Hotfix 1187884"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "McAfee"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Maliciously misconfigured registry vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10193",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10193"
                },
                {
                  "name": "97958",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97958"
                }
              ]
            },
            "source": {
              "advisory": "SB10193",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "assignerShortName": "trellix",
        "cveId": "CVE-2017-4028",
        "datePublished": "2018-04-03T22:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:25:40.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }