First published: Wed Nov 13 2019(Updated: )
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mcafee Anti-virus Plus | <=16.0.r22 | |
Mcafee Internet Security | <=16.0.r22 | |
Mcafee Total Protection | <=16.0r22 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3648 is a Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier.
CVE-2019-3648 affects McAfee Anti-virus Plus, McAfee Internet Security, and McAfee Total Protection versions 16.0.R22 and earlier.
The severity of CVE-2019-3648 is high, with a severity value of 6.7.
An attacker can exploit CVE-2019-3648 by carefully placing malicious files in specific locations protected by administrator permission, allowing them to execute arbitrary code.
Yes, McAfee has released patches and fixes for CVE-2019-3648. Please refer to the references for more information.