Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mcafee
Mcafee total Protection |
|
Weaknesses | CWE-427 | |
CPEs | cpe:2.3:a:mcafee:total_protection:16.0.53:*:*:*:*:*:*:* | |
Vendors & Products |
Mcafee
Mcafee total Protection |
|
Metrics |
cvssV3_1
|
Mon, 18 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. | Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
Fri, 15 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-15T00:00:00
Updated: 2024-11-27T16:57:18.153Z
Reserved: 2024-10-17T00:00:00
Link: CVE-2024-49592
Vulnrichment
Updated: 2024-11-27T16:57:11.271Z
NVD
Status : Awaiting Analysis
Published: 2024-11-15T21:15:11.070
Modified: 2024-11-27T17:15:12.093
Link: CVE-2024-49592
Redhat
No data.