CVE-2019-3646 - OpenCVE

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mcafee	Total Protection

Configuration 1 [-]

cpe:2.3:a:mcafee:total_protection:*:*:*:*:free_trial:*:*:*

No data.

References

Link	Providers
http://service.mcafee.com/FAQDocument.aspx?&id=TS102968

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2019-09-13T13:05:30.972134Z

Updated: 2024-09-17T04:14:09.427Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3646

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-13T13:15:11.620

Modified: 2023-11-07T03:10:06.603

Link: CVE-2019-3646

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "McAfee Total Protection - Free Antivirus Trial", "vendor": "McAfee, LLC", "versions": [{"lessThanOrEqual": "16.0.R18", "status": "affected", "version": "16.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-714", "description": "Malicious File Execution (CWE-714, OWASP 2004:A3)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-09-13T13:05:30", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://service.mcafee.com/FAQDocument.aspx?&id=TS102968"}], "source": {"discovery": "EXTERNAL"}, "title": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "", "ID": "CVE-2019-3646", "STATE": "PUBLIC", "TITLE": "McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee Total Protection - Free Antivirus Trial", "version": {"version_data": [{"platform": "", "version_affected": "<=", "version_name": "16.0", "version_value": "16.0.R18"}]}}]}, "vendor_name": "McAfee, LLC"}]}}, "configuration": [], "credit": [], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Malicious File Execution (CWE-714, OWASP 2004:A3)"}]}]}, "references": {"reference_data": [{"name": "http://service.mcafee.com/FAQDocument.aspx?&id=TS102968", "refsource": "CONFIRM", "url": "http://service.mcafee.com/FAQDocument.aspx?&id=TS102968"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "EXTERNAL"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:12:09.714Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://service.mcafee.com/FAQDocument.aspx?&id=TS102968"}]}]}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2019-3646", "datePublished": "2019-09-13T13:05:30.972134Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:14:09.427Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:total_protection:*:*:*:*:free_trial:*:*:*", "matchCriteriaId": "958A9364-06E1-4E80-A191-86BE8DDB5CF9", "versionEndIncluding": "16.0.r18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights."}, {"lang": "es", "value": "Una vulnerabilidad de Secuestro de \u00d3rdenes de B\u00fasqueda de DLL en cliente Microsoft Windows en McAfee Total Protection (MTP) Free Antivirus Trial versi\u00f3n 16.0.R18 y anteriores, permite a usuarios locales ejecutar c\u00f3digo arbitrario mediante la ejecuci\u00f3n desde una carpeta comprometida colocada por parte de un atacante con derechos de administrador."}], "id": "CVE-2019-3646", "lastModified": "2023-11-07T03:10:06.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 5.3, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2019-09-13T13:15:11.620", "references": [{"source": "trellixpsirt@trellix.com", "url": "http://service.mcafee.com/FAQDocument.aspx?&id=TS102968"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-714"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}