CVE-2018-6755

HIGH

McAfee True Key < 5.1.230.7 - Unauthenticated Arbitrary Code Execution via Weak Directory Permissions

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6755. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup details multiple privilege escalation vulnerabilities in McAfee True Key Service, focusing on insecure certificate validation and TOCTOU issues in the SecureExecute command. It includes a technical breakdown of the flaws and a proof-of-concept exploit.

Description

Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · textlocalwindows
https://www.exploit-db.com/exploits/45961

The writeup details multiple privilege escalation vulnerabilities in McAfee True Key Service, focusing on insecure certificate validation and TOCTOU issues in the SecureExecute command. It includes a technical breakdown of the flaws and a proof-of-concept exploit.

Classification
Writeup 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: McAfee True Key Service 5.1.173.1
No auth needed
Prerequisites: Access to the target system · Ability to execute arbitrary code as a low-privileged user
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45961/
Various Sources x_refsource_confirm
http://service.mcafee.com/FAQDocument.aspx?&id=TS102872

Scores

CVSS v3 7.2
EPSS 0.0098
EPSS Percentile 57.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
mcafee/true_key < 5.1.230.7
Published Dec 06, 2018
Tracked Since Feb 18, 2026