Implicit loading of DLLs
CVE-2019-3648

6.1MEDIUM

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Total Protection
Vendor: CVE Published:; 13 November 2019

What is CVE-2019-3648?

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.

Affected Version(s)

McAfee Total Protection 16.0.x < 16.0.R22 Refresh 1

References

https://service.mcafee.com/webcenter/portal/cp/home/artic...

x_refsource_CONFIRM

https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-M...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2019
Vulnerability Reserved
Jan 3, 2019

Mcafee,llc

What is CVE-2019-3648?

Affected Version(s)

References

CVSS V3.1

Timeline