Stack-Based Buffer Overflow in McAfee File Lock by McAfee
CVE-2015-8773

7.5HIGH

Key Information:

Vendor: Mcafee
Status: File Lock
Vendor: CVE Published:; 29 January 2016

Summary

A stack-based buffer overflow vulnerability exists in the McPvDrv.sys driver (version 4.6.111.0) used by McAfee File Lock 5.x. This flaw exposes the system to potential denial of service attacks, allowing attackers to induce crashes through the exploitation of excessively long vault GUIDs in ioctl calls. Such an attack may lead to significant system instability and service disruption.

References

https://www.nettitude.co.uk/mcafee-file-lock-driver-kerne...

x_refsource_MISC

http://seclists.org/fulldisclosure/2016/Jan/92

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2016
Vulnerability Reserved
Jan 17, 2016