CVE-2018-6674
published 2018-05-25CVE-2018-6674: Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to…
PriorityP412low3.9CVSS 3.0
AVPACLPRHUINSUCHINAN
EPSS
0.18%
7.8th percentile
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | virusscan_enterprise | — | — |
| mcafee_llc | virusscan_enterprise | >= 8.8 < 8.8 Patch 13 | 8.8 Patch 13 |
CVSS provenance
nvdv3.03.9LOWCVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j2w2-mjcv-7rfm: Privilege Escalation vulnerability in Microsoft Windows client (McTray
ghsa_unreviewed·2022-05-13
CVE-2018-6674 [LOW] CWE-311 GHSA-j2w2-mjcv-7rfm: Privilege Escalation vulnerability in Microsoft Windows client (McTray
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).
Red Hat
Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
vendor_redhat·2014-02-06·CVSS 4.3
CVE-2013-6674 [MEDIUM] Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
Statement: This issue was resolved in the version of thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 via RHSA-2013:1823.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Red Hat
Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
vendor_redhat·2014-02-06·CVSS 4.3
CVE-2014-2018 [MEDIUM] Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.
Statement: This issue was resolved in the version of thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 via RHSA-2013:1823.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 5) - Affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-05-25
Published