CVE-2020-7279: DLL search order hijacking in Host IPS
First published: Wed Jun 10 2020(Updated: )
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Host Intrusion Prevention | =8.0.0 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p1 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p10 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p11 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p12 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p13 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p14 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p15 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p2 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p3 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p4 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p5 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p6 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p7 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p8 | |
| Mcafee Host Intrusion Prevention | =8.0.0-p9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the DLL Search Order Hijacking vulnerability in McAfee Host Intrusion Prevention System?
The vulnerability ID for the DLL Search Order Hijacking vulnerability in McAfee Host Intrusion Prevention System is CVE-2020-7279.
What is the severity rating of CVE-2020-7279?
CVE-2020-7279 has a severity rating of 7.8 (high).
How does the DLL Search Order Hijacking vulnerability in McAfee Host Intrusion Prevention System allow attackers to execute arbitrary code?
The DLL Search Order Hijacking vulnerability in McAfee Host Intrusion Prevention System allows attackers with local access to execute arbitrary code by executing from a compromised folder.
Which versions of McAfee Host Intrusion Prevention System are affected by CVE-2020-7279?
Versions 8.0.0 to 8.0.0 Patch 15 Update of McAfee Host Intrusion Prevention System for Windows are affected by CVE-2020-7279.
How can I fix the DLL Search Order Hijacking vulnerability in McAfee Host Intrusion Prevention System?
To fix the DLL Search Order Hijacking vulnerability, you should update McAfee Host Intrusion Prevention System for Windows to version 8.0.0 Patch 15 Update or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee host intrusion prevention
- version/mcafee host intrusion prevention/8.0.0
- version/mcafee host intrusion prevention/8.0.0-p1
- version/mcafee host intrusion prevention/8.0.0-p10
- version/mcafee host intrusion prevention/8.0.0-p11
- version/mcafee host intrusion prevention/8.0.0-p12
- version/mcafee host intrusion prevention/8.0.0-p13
- version/mcafee host intrusion prevention/8.0.0-p14
- version/mcafee host intrusion prevention/8.0.0-p15
- version/mcafee host intrusion prevention/8.0.0-p2
- version/mcafee host intrusion prevention/8.0.0-p3
- version/mcafee host intrusion prevention/8.0.0-p4
- version/mcafee host intrusion prevention/8.0.0-p5
- version/mcafee host intrusion prevention/8.0.0-p6
- version/mcafee host intrusion prevention/8.0.0-p7
- version/mcafee host intrusion prevention/8.0.0-p8
- version/mcafee host intrusion prevention/8.0.0-p9