CVE-2014-9920

Опубликовано: 14 мар. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.

Ссылки

https://kc.mcafee.com/corporate/index?page=content&id=SB10077
Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10077
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mcafee:application_control:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:application_control:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:application_control:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:application_control:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:application_control:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:application_control:6.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00373

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-2vwx-95mp-76h9