4 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

18 Aug 2022 — An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code due to lack of an integrity check of the configuration file. Una vulnerabilidad de administración de privilegios inapropiada en McAfee Security Scan Plus (MSS+) versiones anteriores a 4.1.262.1 podría perm... • https://attack.mitre.org/techniques/T1218 • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 8%CPEs: 2EXPL: 1

01 Sep 2017 — A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. Una vulnerabilidad de inyección de código en el mecanismo de autenticación no basado en certificados en McAfee Live Safe en versiones anteriores a la 16.0.3 y McAfee Security Scan Plus (MSS+) en versiones anteriores a la 3.1... • https://www.exploit-db.com/exploits/44067 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

14 Mar 2017 — Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. Vulnerabilidad de escalada de privilegios en Windows 7 y Windows 10 en McAfee Security Scan Plus (SSP) 3.11.376 permite a atacantes cargar un reemplazo del archivo version.dll a través de McAfee McUICnt.exe en un sistema Windows. • https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102593 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

14 Mar 2017 — Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors. Vulnerabilidad de ejecución de comandos arbitrarios en Intel Security McAfee Security Scan Plus (SSP) 3.11.469 y versiones anteriores permite a usuarios autenticados obtener privilegios elevados a través de vectores no especificados. • http://www.securityfocus.com/bid/98068 • CWE-264: Permissions, Privileges, and Access Controls •