CVE-2024-49592

MEDIUM

McAfee Total Protection <16.0.53 - Privilege Escalation

Title source: llm

Description

Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References (1)

[Various Sources] https://www.mcafee.com/support/s/article/000002516?language=en_US

Scores

CVSS v3 6.7

EPSS 0.0004

EPSS Percentile 10.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Timeline

Published Nov 15, 2024

Tracked Since Feb 18, 2026