How does CVE-2021-31844 affect McAfee Data Loss Prevention (DLP) Endpoint for Windows?

CVE-2021-31844 allows a local attacker to execute arbitrary code with elevated privileges by placing crafted Ami Pro (.sam) files and triggering a DLP Endpoint scan.

What is the severity of CVE-2021-31844?

CVE-2021-31844 has a severity rating of 7.8 (high).

How can I fix CVE-2021-31844?

To fix CVE-2021-31844, users should upgrade McAfee Data Loss Prevention (DLP) Endpoint for Windows to version 11.6.200 or later.

Where can I find more information about CVE-2021-31844?

More information about CVE-2021-31844 can be found at the following link: [McAfee Security Bulletin SB10368](https://kc.mcafee.com/corporate/index?page=content&id=SB10368)

Vulnerability/
CVE-2021-31844

high

8.2

CWE

120 119

17/9/2021

3/8/2024

CVE-2021-31844: Local Privilege Escalation in McAfee DLP Endpoint for Windows

Q: What is CVE-2021-31844?

CVE-2021-31844 is a buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to version 11.6.200.

First published: Fri Sep 17 2021(Updated: )

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Credit: psirt@mcafee.com trellixpsirt@trellix.com

Affected Software	Affected Version	How to fix
Mcafee Data Loss Prevention Endpoint	<11.6.200
Mcafee Data Loss Prevention Endpoint	<11.6.200
Microsoft Windows

Remedy

https://kc.mcafee.com/corporate/index?page=content&id=SB10368

Never miss a vulnerability like this again

Reference Links

https://kc.mcafee.com/corporate/index?page=content&id=SB10368

Frequently Asked Questions

What is CVE-2021-31844?
CVE-2021-31844 is a buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to version 11.6.200.
How does CVE-2021-31844 affect McAfee Data Loss Prevention (DLP) Endpoint for Windows?
CVE-2021-31844 allows a local attacker to execute arbitrary code with elevated privileges by placing crafted Ami Pro (.sam) files and triggering a DLP Endpoint scan.
What is the severity of CVE-2021-31844?
CVE-2021-31844 has a severity rating of 7.8 (high).
How can I fix CVE-2021-31844?
To fix CVE-2021-31844, users should upgrade McAfee Data Loss Prevention (DLP) Endpoint for Windows to version 11.6.200 or later.
Where can I find more information about CVE-2021-31844?
More information about CVE-2021-31844 can be found at the following link: [McAfee Security Bulletin SB10368](https://kc.mcafee.com/corporate/index?page=content&id=SB10368)

collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/weakness
agent/last-modified-date
agent/title
agent/remedy
agent/tags
agent/event
agent/first-publish-date
agent/description
vendor/mcafee
canonical/mcafee data loss prevention endpoint
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.