SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability
CVE-2017-4028
5MEDIUM
Key Information:
- Vendor
- Mcafee
- Status
- Vendor
- CVE Published:
- 3 April 2018
Summary
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.
Affected Version(s)
McAfee Anti-Virus Plus (AVP) 170329 < 29 Mar 2017
McAfee Endpoint Security (ENS) 10.2 < 10.2 DAT V3 DAT 2932.0
McAfee Host Intrusion Prevention (Host IPS) 8.0 < 8.0 Patch 9 Hotfix 1188590
References
CVSS V3.1
Score:
5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved