McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability
CVE-2019-3646

6.9MEDIUM

Key Information:

Vendor: Mcafee, Llc
Status: Mcafee Total Protection - Free Antivirus Trial
Vendor: CVE Published:; 13 September 2019

🔔 Create Mcafee, Llc Vulnerability Alert

What is CVE-2019-3646?

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.

Affected Version(s)

McAfee Total Protection - Free Antivirus Trial 16.0 <= 16.0.R18

References

http://service.mcafee.com/FAQDocument.aspx?&id=TS102968

x_refsource_CONFIRM

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 13, 2019
Vulnerability Reserved
Jan 3, 2019

JSON