DLL Search Order Hijacking in MA for Windows
CVE-2020-7312

7.8HIGH

Key Information:

Vendor: Mcafee Llc
Status: Ma For Windows
Vendor: CVE Published:; 9 September 2020

Summary

DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.

Affected Version(s)

MA for Windows 5.6.x < 5.6.6

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 9, 2020
Vulnerability Reserved
Jan 21, 2020

Credit

McAfee credits Andrew Hess (any1) for responsibly reporting this flaw.