CVE-2018-6674

CWE-264 CWE-269 — Improper Privilege Management CWE-274 CWE-3116 documents5 sources

Severity

3.9LOW

EPSS

0.0%

top 94.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee, LLC Virusscan Enterprise (vse)Mcafee Virusscan Enterprise

Timeline

PublishedMay 25

Latest updateMay 13

Description

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 0.2 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5mcafee,_llc/virusscan_enterprise_(vse)8.8 — 8.8 Patch 13

▶NVDmcafee/virusscan_enterprise8.8.0

🔴Vulnerability Details

GHSA

GHSA-j2w2-mjcv-7rfm: Privilege Escalation vulnerability in Microsoft Windows client (McTray↗2022-05-13

▶

CVEList

Privilege escalation vulnerability in McAfee VSE when McTray run with elevated privileges↗2018-05-25

▶

📋Vendor Advisories

Red Hat

Mozilla: Script execution in HTML mail replies (MFSA 2014-14)↗2014-02-06

▶

Red Hat

Mozilla: Script execution in HTML mail replies (MFSA 2014-14)↗2014-02-06

▶