Description
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
https://service.mcafee.com/?articleId=TS103243
Scores
CVSS v3
7.4
EPSS
0.0006
EPSS Percentile
18.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
mcafee/techcheck
< 4.0.0.2
Published
Jan 11, 2022
Tracked Since
Feb 18, 2026