4 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility. Vulnerabilidad de omisión de contraseña de seguridad en McAfee Application and Change Control (MACC) 7.0.1 y 6.2.0 permite que usuarios autenticados ejecuten comandos arbitrarios mediante una utilidad de línea de comandos arbitrarios. • http://www.securityfocus.com/bid/102988 https://kc.mcafee.com/corporate/index?page=content&id=SB10224 • CWE-274: Improper Handling of Insufficient Privileges CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

Privilege escalation vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and 6.x versions allows attackers to cause DoS, unexpected behavior, or potentially unauthorized code execution via an unauthorized use of IOCTL call. Vulnerabilidad de escalada de privilegios en Intel Security McAfee Application Control (MAC) versiones 7.0 y 6.x permite a atacantes provocar DoS, comportamiento inesperado o potencialmente ejecución de código no autorizada a través de un uso no autorizado de llamada IOCTL. • https://kc.mcafee.com/corporate/index?page=content&id=SB10175 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility. Vulnerabilidad de elusión de protecciones de aplicaciones en Intel Security McAfee Application Control (MAC) 7.0 y versiones anteriores y Endpoint Security (ENS) 10.2 y versiones anteriores permite a usuarios locales eludir la protección de seguridad local a través de una utilidad de comando de línea. • http://www.securityfocus.com/bid/94661 https://kc.mcafee.com/corporate/index?page=content&id=SB10179 • CWE-284: Improper Access Control •

CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0

The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location. El controlador del kernel swin.sys en McAfee Application Control (MAC) 6.1.0 en versiones anteriores a build 706, 6.1.1 en versiones anteriores a build 404, 6.1.2 en versiones anteriores a build 449, 6.1.3 en versiones anteriores a build 441 y 6.2.0 en versiones anteriores a build 505 sobre plataformas Windows 32-bit permite a usuarios locales causar una denegación de servicio (corrupción de memoria y caída de sistema) u obtener privilegios a través de una llamada al sistema 768, lo que desencadena un cero a escribir en una ubicación de memoria del kernel arbitraria. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of McAfee Application Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of syscall 768 in the swin.sys kernel driver. A malicious call can write a 0 to an arbitrary address in kernel memory. • http://www.zerodayinitiative.com/advisories/ZDI-16-007 https://kc.mcafee.com/corporate/index?page=content&id=SB10145 • CWE-189: Numeric Errors •