CVE-2022-0280
HIGHMcAfee Total Protection for Windows <16.0.43 - Privilege Escalation
Title source: llmDescription
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view
Scores
CVSS v3
7.5
EPSS
0.0032
EPSS Percentile
23.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Details
CWE
CWE-367
Status
published
Products (1)
microsoft/windows
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026