7.2
CVE-2019-3587
- EPSS 0.44%
- Veröffentlicht 23.01.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:42:13
- Quelle trellixpsirt@trellix.com
- CVE-Watchlists
- Unerledigt
LoginDLL Search Order Hijacking vulnerability
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mcafee ≫ Total Protection Version < 16.0.18
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.6 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 0.6 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| trellixpsirt@trellix.com | 7.2 | 0.6 | 6 |
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.