CVE-2016-4534

LOW

McAfee VirusScan Enterprise 8.8.0 - Local Console Unlock via Registry Handle Closure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4534. PoCs published by Maurizio Agazzini.

AI-analyzed exploit summary This exploit bypasses McAfee VirusScan Enterprise's password protection by directly manipulating registry keys and interacting with the WGUARDNT device driver. It allows a local administrator to disable the antivirus engine without knowing the management password.

Description

The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.

Exploits (1)

exploitdb WORKING POC
by Maurizio Agazzini · clocalwindows
https://www.exploit-db.com/exploits/39531

This exploit bypasses McAfee VirusScan Enterprise's password protection by directly manipulating registry keys and interacting with the WGUARDNT device driver. It allows a local administrator to disable the antivirus engine without knowing the management password.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: McAfee VirusScan Enterprise 8.8 and prior versions
Auth required
Prerequisites: Local administrator privileges on the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v3 3.0
EPSS 0.0280
EPSS Percentile 86.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Details

CWE
CWE-264
Status published
Products (2)
mcafee/virusscan_enterprise 8.8.0
microsoft/windows
Published May 05, 2016
Tracked Since Feb 18, 2026