CVE-2019-3667

MEDIUM

Mcafee Techcheck < 3.0.0.17 - Uncontrolled Search Path

Title source: rule

Description

DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.

References (1)

[Various Sources] https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996

Scores

CVSS v3 6.6

EPSS 0.0010

EPSS Percentile 28.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L

Classification

CWE

CWE-427

Status published

Affected Products (1)

mcafee/techcheck < 3.0.0.17

Timeline

Published Dec 11, 2019

Tracked Since Feb 18, 2026