First published: Wed Jan 23 2019(Updated: )
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mcafee Total Protection | <16.0.18 | |
Microsoft Windows | ||
All of | ||
Mcafee Total Protection | <16.0.18 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3587 is a DLL Search Order Hijacking vulnerability in McAfee Total Protection (MTP) on Microsoft Windows client.
CVE-2019-3587 allows local users to execute arbitrary code via execution from a compromised folder in McAfee Total Protection.
CVE-2019-3587 affects McAfee Total Protection prior to version 16.0.18.
No, Microsoft Windows is not vulnerable to CVE-2019-3587.
CVE-2019-3587 has a severity rating of 6.5 (high).
To fix CVE-2019-3587, update McAfee Total Protection to version 16.0.18 or later.
You can find more information about CVE-2019-3587 on the McAfee support website: (link: http://service.mcafee.com/FAQDocument.aspx?&id=TS102887)
CWE-426 is a vulnerability type known as 'Untrusted Search Path.'