Description
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
Exploits (1)
exploitdb
WORKING POC
by Maurizio Agazzini · clocalwindows
https://www.exploit-db.com/exploits/39531
References (5)
Core 5
Core References
Exploit x_refsource_misc
http://lab.mediaservice.net/advisory/2016-01-mcafee.txt
Exploit exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/39531/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035130
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10151
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Mar/13
Scores
CVSS v3
5.1
EPSS
0.0029
EPSS Percentile
52.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Details
CWE
CWE-284
Status
published
Products (8)
mcafee/active_response
< 1.1.0.158
mcafee/agent
< 5.0.2.285
mcafee/data_exchange_layer
< 2.0.0.430.1
mcafee/data_loss_prevention_endpoint
< 9.3.0
mcafee/data_loss_prevention_endpoint
< 9.4.0
mcafee/endpoint_security
< 10.0.1
mcafee/host_intrusion_prevention
< 8.0.0
mcafee/virusscan_enterprise
< 8.8.0
Published
Apr 08, 2016
Tracked Since
Feb 18, 2026