First published: Fri May 25 2018(Updated: )
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mcafee Virusscan Enterprise | =8.8.0 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-6674 is a privilege escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13.
CVE-2018-6674 allows local users to spawn unrelated processes with elevated privileges in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13.
This vulnerability can be exploited by the system administrator granting McTray.exe elevated privileges, allowing local users to spawn unrelated processes with elevated privileges.
CVE-2018-6674 has a severity rating of medium with a CVSS score of 3.9.
CVE-2018-6674 can be patched by applying Patch 13 for McAfee VirusScan Enterprise (VSE) 8.8.