Remote Code Execution Vulnerability in McAfee Total Protection
CVE-2023-25134

6.7MEDIUM

Key Information:

Vendor: Mcafee
Status: Total Protection
Vendor: CVE Published:; 21 March 2023

What is CVE-2023-25134?

The vulnerability allows an adversary with full administrative access to manipulate a specific Component Object Model (COM) entry within the Windows Registry of McAfee Total Protection. This manipulation can lead to the execution of a malicious payload, posing significant risks to system integrity and data security.

References

https://www.mcafee.com/en-us/consumer-corporate/mcafee-la...

https://www.mcafee.com/support/?articleId=TS103398&page=s...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2023
Vulnerability Reserved
Feb 3, 2023

Mcafee

What is CVE-2023-25134?

References

CVSS V3.1

Timeline