Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1305Data Loss Prevention Endpoint vulnerability

CWE-2647 documents6 sources
Severity
6.9MEDIUMNVD
EPSS
0.5%
top 33.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Mcafee Data Loss Prevention Endpoint
Timeline
PublishedFeb 6
Latest updateMay 17

Description

McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-f4qv-92x7-9234: McAfee Data Loss Prevention Endpoint (DLPe) before 92022-05-17
CVEList
CVE-2015-1305: McAfee Data Loss Prevention Endpoint (DLPe) before 92015-02-06

💥Exploits & PoCs

2
Exploit-DB
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting2018-02-16
Exploit-DB
McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation2015-01-30

📋Vendor Advisories

1
Red Hat
webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)2015-01-26

💬Community

1
Bugzilla
CVE-2014-1305 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)2015-01-27
CVE-2015-1305 — Mcafee vulnerability | cvebase