CVE-2020-7312: DLL Search Order Hijacking in MA for Windows
First published: Thu Sep 10 2020(Updated: )
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Mcafee Agent | <5.6.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this DLL Search Order Hijacking vulnerability?
The vulnerability ID for this DLL Search Order Hijacking vulnerability is CVE-2020-7312.
What is the severity rating of CVE-2020-7312?
CVE-2020-7312 has a severity rating of 7.8 (High).
Which software is affected by CVE-2020-7312?
The software affected by CVE-2020-7312 is McAfee Agent (MA) for Windows prior to version 5.6.6.
How can local users exploit CVE-2020-7312?
Local users can exploit CVE-2020-7312 by executing arbitrary code and escalating privileges from a compromised folder.
How can I fix CVE-2020-7312?
To fix CVE-2020-7312, update to McAfee Agent version 5.6.6 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mcafee
- canonical/mcafee mcafee agent