File masquerade attack vulnerability in McAfee Total Protection
CVE-2019-3636

7.5HIGH

Key Information:

Vendor: Mcafee, Lcc
Status: Mcafee Total Protection
Vendor: CVE Published:; 28 October 2019

Summary

A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.

Affected Version(s)

McAfee Total Protection 16 < 16.0.R22

References

https://service.mcafee.com/webcenter/portal/cp/home/artic...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 28, 2019
Vulnerability Reserved
Jan 3, 2019