CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3648 – Implicit loading of DLLs
https://notcve.org/view.php?id=CVE-2019-3648
13 Nov 2019 — A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. Una vulnerabilidad de escalada de privilegios en el cliente de Microsoft Windows en McAfee Total Protection versión 16.0.R22 y anteriores, permite a administradores ejecutar código arbitrario mediante la colocación cuidadosa de archivos maliciosos ... • https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3636 – File masquerade attack vulnerability in McAfee Total Protection
https://notcve.org/view.php?id=CVE-2019-3636
28 Oct 2019 — A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected. Una vulnerabilidad de Enmascaramiento de Archivos en McAfee Total Protection (MTP) versión 16.0.R21 y anteriores, en el cliente de Windows permitió a un atacante leer la lista de texto plano de los archivos de exc... • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102982 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3646 – McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability
https://notcve.org/view.php?id=CVE-2019-3646
13 Sep 2019 — DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. Una vulnerabilidad de Secuestro de Órdenes de Búsqueda de DLL en cliente Microsoft Windows en McAfee Total Protection (MTP) Free Antivirus Trial versión 16.0.R18 y anteriores, permite a usuarios locales ejecutar código arbitrario medi... • http://service.mcafee.com/FAQDocument.aspx?&id=TS102968 • CWE-426: Untrusted Search Path CWE-714: OWASP Top Ten 2007 Category A3 - Malicious File Execution •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3593 – Exploitation of Privilege/Trust vulnerability
https://notcve.org/view.php?id=CVE-2019-3593
28 Jan 2019 — Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via specially crafted malware. Una vulnerabilidad de explotación de privilegios/confianza en el cliente de Microsoft Windows en McAfee Total Protection (MTP), en versiones anteriores a la 16.0.R18, permite a los usuarios locales omitir la autop... • http://service.mcafee.com/FAQDocument.aspx?&id=TS102888 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3587 – DLL Search Order Hijacking vulnerability
https://notcve.org/view.php?id=CVE-2019-3587
23 Jan 2019 — DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder. Vulnerabilidad de secuestro de orden de búsqueda de DLL en el cliente de McAfee Total Protection (MTP), en versiones anteriores a la 16.0.18, permite que usuarios locales ejecuten código arbitrario mediante una carpeta comprometida. • http://service.mcafee.com/FAQDocument.aspx?&id=TS102887 • CWE-426: Untrusted Search Path •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-4028 – SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability
https://notcve.org/view.php?id=CVE-2017-4028
03 Apr 2018 — Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. Vulnerabilidad de registro maliciosamente configurado en todos los productos Microsoft Windows en productos para consumidores y empresas de McAfee permite que un administrador inyecte código arbitrario en un proceso McAffee depurado mediante la manipulación de parám... • http://www.securityfocus.com/bid/97958 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5166
https://notcve.org/view.php?id=CVE-2010-5166
25 Aug 2012 — Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has a... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.6EPSS: 0%CPEs: 20EXPL: 0CVE-2009-1348
https://notcve.org/view.php?id=CVE-2009-1348
30 Apr 2009 — The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. El AV engine antes de DAT 5600 en McAfee Virus... • http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html • CWE-20: Improper Input Validation •