cbcvebase.
CVE-2017-4028
published 2018-04-03

CVE-2017-4028: Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject…

PriorityP418medium4.4CVSS 3.0
AVLACLPRHUINSUCNIHAN
EPSS
0.54%
41.1th percentile
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.

Affected

11 ranges
VendorProductVersion rangeFixed in
mcafeeendpoint_security
mcafeehost_intrusion_prevention<= 8.0
mcafeehost_intrusion_prevention
mcafeemcafee_anti-virus_plus>= 170329 < 29 Mar 201729 Mar 2017
mcafeemcafee_endpoint_security>= 10.2 < 10.2 DAT V3 DAT 2932.010.2 DAT V3 DAT 2932.0
mcafeemcafee_host_intrusion_prevention>= 8.0 < 8.0 Patch 9 Hotfix 11885908.0 Patch 9 Hotfix 1188590
mcafeemcafee_internet_security>= 170329 < 29 Mar 201729 Mar 2017
mcafeemcafee_total_protection>= 170329 < 29 Mar 201729 Mar 2017
mcafeemcafee_virus_scan_enterprise>= 8.8 < 8.8 Patch 8/9 Hotfix 11878848.8 Patch 8/9 Hotfix 1187884
mcafeevirus_scan_enterprise<= 8.8
mcafeevirus_scan_enterprise

CVSS provenance

nvdv3.04.4MEDIUMCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.