CVE-2017-3897

CRITICAL

McAfee Live Safe <16.0.3, MSS+ <3.11.599.3 - Code Injection

Title source: llm

Description

A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.

Exploits (1)

exploitdb WORKING POC

by SecuriTeam · remotewindows

https://www.exploit-db.com/exploits/44067

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS102723

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100100

Scores

CVSS v3 9.8

EPSS 0.0406

EPSS Percentile 88.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (4)

McAfee/Live Safe 16.0.3

mcafee/livesafe < 16.0.2

McAfee/Security Scan Plus 3.11.599.3

mcafee/security_scan_plus < 3.11.599.2

Published Sep 01, 2017

Tracked Since Feb 18, 2026