CVE-2018-6700 – True Key (TK) - DLL Search Order Hijacking vulnerability
https://notcve.org/view.php?id=CVE-2018-6700
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. Vulnerabilidad de secuestro de orden de búsqueda de DLL en Microsoft Windows Client en McAfee True Key (TK) en versiones anteriores a la 5.1.165 permite que usuarios locales ejecuten código arbitrario mediante malware especialmente manipulado. • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102846 • CWE-426: Untrusted Search Path •
CVE-2018-6682 – True Key (TK) - Cross Site Scripting Exposure
https://notcve.org/view.php?id=CVE-2018-6682
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site. Exposición a Cross-Site Scripting (XSS) en McAfee True Key (TK) en versiones 4.0.0.0 y anteriores permite que usuarios locales expongan datos confidenciales mediante un sitio web manipulado. • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-6661 – TS102801 True Key DLL Side-Loading vulnerability
https://notcve.org/view.php?id=CVE-2018-6661
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. Vulnerabilidad de carga lateral de DLL en Microsoft Windows Client en McAfee True Key en versiones anteriores a la 4.20.110 permite que los usuarios locales obtengan una elevación de privilegios al no verificar la firma de un archivo DLL específico. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Intel Security True Key. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TrueKey service, which listens on TCP port 30000 by default. A crafted message to the SecureExecute method can trigger it to launch insecure binaries. • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801 • CWE-426: Untrusted Search Path •