CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-4028 – SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability
https://notcve.org/view.php?id=CVE-2017-4028
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters. Vulnerabilidad de registro maliciosamente configurado en todos los productos Microsoft Windows en productos para consumidores y empresas de McAfee permite que un administrador inyecte código arbitrario en un proceso McAffee depurado mediante la manipulación de parámetros de registro. • http://www.securityfocus.com/bid/97958 https://kc.mcafee.com/corporate/index?page=content&id=SB10193 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5166
https://notcve.org/view.php?id=CVE-2010-5166
Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute ** EN DISPUTA ** Condición de carrera en McAfee Total Protection 2010 v10.0.580 sobre Windows XP permite a usuarios locales evitar manejadores de kernel-mode hook, y ejecutar código malicioso que podría ser bloquedo por un manejador pero no por un detector de malware signature-based, a través de ciertos cambios en memoria user-space durante la ejecución de hook-handler , también conocido por argument-switch attack o ataque KHOBE. Nota: este problema está en disputa por terceras partes. • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://www.f-secure.com/weblog/archives/00001949.html http://www.osvdb.org/67660 http://www.securit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.6EPSS: 0%CPEs: 20EXPL: 0CVE-2009-1348
https://notcve.org/view.php?id=CVE-2009-1348
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. El AV engine antes de DAT 5600 en McAfee VirusScan, Total Protection, Internet Security, SecurityShield para Microsoft ISA Server, Security para Microsoft Sharepoint, Security para Email Servers, Email Gateway, y Active Virus Defense permite a atacantes remotos eludir la detección de virus a través de (1) un campo Headflags inválido de un archivo RAR malformado, (2) un campo Packsize inválido de un archivo RAR malformado, o (3) un campo Filelength de un archivo ZIP malformado. • http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html http://secunia.com/advisories/34949 http://www.securityfocus.com/archive/1/503173/100/0/threaded http://www.securityfocus.com/bid/34780 https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT • CWE-20: Improper Input Validation •