DLL Search Order Hijacking in MA for Windows
CVE-2020-7312
7.8HIGH
What is CVE-2020-7312?
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
Affected Version(s)
MA for Windows 5.6.x < 5.6.6
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
McAfee credits Andrew Hess (any1) for responsibly reporting this flaw.