Kernel Memory Leak Vulnerability in McAfee File Lock by McAfee
CVE-2015-8772

9.1CRITICAL

Key Information:

Vendor: Mcafee
Status: File Lock
Vendor: CVE Published:; 29 January 2016

Summary

The vulnerability in McAfee File Lock allows local users to exploit the McPvDrv.sys driver, leading to unauthorized access to sensitive kernel memory. An attacker can manipulate the VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY call, potentially causing a denial of service or revealing confidential data from the system's memory, which heightens the risks associated with local user access control.

References

http://seclists.org/fulldisclosure/2016/Jan/90

mailing-listx_refsource_FULLDISC

https://www.nettitude.co.uk/mcafee-file-lock-driver-kerne...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2016
Vulnerability Reserved
Jan 17, 2016