Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-31844

Опубликовано: 17 сент. 2021
Источник: nvd
CVSS3: 8.2
CVSS3: 7.3
CVSS2: 4.6
EPSS Низкий

Описание

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*
Версия до 11.6.200 (исключая)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%
0.0006
Низкий

8.2 High

CVSS3

7.3 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-120
CWE-120

Связанные уязвимости

github логотип

GHSA-88gm-mqfx-w7ch

CVSS3: 7.3
github
больше 3 лет назад

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

EPSS

Процентиль: 19%
0.0006
Низкий

8.2 High

CVSS3

7.3 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-120
CWE-120