DLL search order hijacking in Host IPS
CVE-2020-7279

4.6MEDIUM

Key Information:

Vendor: Mcafee, Llc
Status: Mcafee Host Intrusion Prevention System (host Ips) For Windows
Vendor: CVE Published:; 10 June 2020

🔔 Create Mcafee, Llc Vulnerability Alert

What is CVE-2020-7279?

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.

Affected Version(s)

McAfee Host Intrusion Prevention System (Host IPS) for Windows 8.0.x < 8.0.0 Patch 15 update

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2020
Vulnerability Reserved
Jan 21, 2020