CVE-2014-9920

MEDIUM

McAfee Application Control 6.0.0-6.1.3 - Unauthorized Binary Execution via Whitelist Bypass

Title source: llm

Description

Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10077

Scores

CVSS v3 5.9

EPSS 0.0037

EPSS Percentile 59.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-284

Status published

Products (7)

Intel/McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399

mcafee/application_control 6.0.0

mcafee/application_control 6.0.1

mcafee/application_control 6.1.0

mcafee/application_control 6.1.1

mcafee/application_control 6.1.2

mcafee/application_control 6.1.3

Published Mar 14, 2017

Tracked Since Feb 18, 2026