VSE Escalation of Privileges through Alert pop-up window
CVE-2019-3585

7HIGH

Key Information:

Vendor: Mcafee, Llc
Status: Mcafee Virusscan Enterprise (vse)
Vendor: CVE Published:; 10 June 2020

Summary

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.

Affected Version(s)

McAfee VirusScan Enterprise (VSE) 8.8.x < 8.8 Patch 14

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2020
Vulnerability Reserved
Jan 3, 2019

Credit

McAfee credits Lockheed Martin Red Team for reporting this bug