Unauthorized Execution Vulnerability in McAfee Application Control
CVE-2014-9920

5.9MEDIUM

Key Information:

Vendor: Intel
Status: Mcafee Application Control (mac)
Vendor: CVE Published:; 14 March 2017

What is CVE-2014-9920?

This vulnerability in McAfee Application Control allows attackers to exploit a specific flaw in the software, enabling the execution of a malformed Windows binary that bypasses the system’s whitelisting protections. As a result, an attacker can execute arbitrary code on systems running the affected versions of the software, which can lead to severe security compromises.

Affected Version(s)

McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2017
Vulnerability Reserved
Feb 27, 2017

Intel

What is CVE-2014-9920?

Affected Version(s)

References

CVSS V3.1

Timeline