Description
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
http://service.mcafee.com/FAQDocument.aspx?&id=TS102968
Scores
CVSS v3
6.9
EPSS
0.0030
EPSS Percentile
53.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
Details
CWE
CWE-714
CWE-426
Status
published
Products (1)
mcafee/total_protection
< 16.0.r18
Published
Sep 13, 2019
Tracked Since
Feb 18, 2026