Описание
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.
Ссылки
- Broken Link
- Third Party AdvisoryVDB Entry
- Broken Link
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
8.2 High
CVSS3
7.8 High
CVSS3
6.9 Medium
CVSS2
Дефекты
Связанные уязвимости
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.
EPSS
8.2 High
CVSS3
7.8 High
CVSS3
6.9 Medium
CVSS2