CVE-2017-4028
MEDIUMMcAfee Anti-Virus Plus - Authenticated Code Injection via Registry Manipulation
Title source: llmDescription
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10193
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97958
Scores
CVSS v3
5.0
EPSS
0.0011
EPSS Percentile
29.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N
Details
CWE
CWE-74
Status
published
Products (8)
mcafee/anti-virus_plus
mcafee/endpoint_security
10.2
mcafee/host_intrusion_prevention
8.0 patch_1 (9 CPE variants)
mcafee/host_intrusion_prevention
< 8.0
mcafee/internet_security
mcafee/total_protection
mcafee/virus_scan_enterprise
8.8 patch_9
mcafee/virus_scan_enterprise
< 8.8
Published
Apr 03, 2018
Tracked Since
Feb 18, 2026