CVE-2019-3636: File masquerade attack vulnerability in McAfee Total Protection
First published: Mon Oct 28 2019(Updated: )
A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Total Protection | <=16.0.r21 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this McAfee Total Protection vulnerability?
The vulnerability ID for this McAfee Total Protection vulnerability is CVE-2019-3636.
What is the title of this vulnerability?
The title of this vulnerability is 'A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client'.
What is the affected software for this vulnerability?
The affected software for this vulnerability is McAfee Total Protection v16.0.R21 and earlier.
What is the severity rating for this vulnerability?
The severity rating for this vulnerability is high with a CVSS score of 7.8.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by reading the plaintext list of AV-Scan exclusion files from the Windows registry and replacing excluded files with potential malware.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee total protection
- version/mcafee total protection/16.0.r21
- vendor/microsoft
- canonical/microsoft windows