cbcvebase.

Mcafee Virusscan Enterprise vulnerabilities

28 known vulnerabilities affecting mcafee/virusscan_enterprise.

Total CVEs
28
CISA KEV
0
Public exploits
13
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH11MEDIUM10LOW6

Vulnerabilities

Page 2 of 2
CVE-2007-1538P4HIGHCVSS 7.5v8.5i2007-03-20
CVE-2007-1538 [HIGH] CVE-2007-1538: McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, whi McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disput
nvd
CVE-2020-7337P4MEDIUMCVSS 6.7fixed in 8.8v8.82020-12-09
CVE-2020-7337 [MEDIUM] CWE-732 CVE-2020-7337: Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise ( Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of the Code Integrity checks.
nvd
CVE-2019-3588P4MEDIUMCVSS 6.8v8.82020-06-10
CVE-2019-3588 [MEDIUM] CWE-269 CVE-2019-3588: Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Ente Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.
nvd
CVE-2016-8030P4MEDIUMCVSS 4.3≤ 8.8.0v8.8 Patch 8 and earlier2017-04-25
CVE-2016-8030 [MEDIUM] CWE-119 CVE-2016-8030: A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link.
nvd
CVE-2018-6674P4LOWCVSS 3.9v8.8.02018-05-25
CVE-2018-6674 [LOW] CWE-264 CVE-2018-6674: Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Ente Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).
nvd
CVE-2015-8577P4LOWCVSS 2.6≤ 8.8.02015-12-16
CVE-2015-8577 [LOW] CWE-264 CVE-2015-8577: The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 alloc The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
nvd
CVE-2006-4886P4LOWCVSS 3.7v7.1.02006-09-19
CVE-2006-4886 [LOW] CVE-2006-4886: The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 a The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.
nvd
CVE-2010-5143P4LOWCVSS 2.6≤ 8.7.0v8.0i+5 more2012-08-22
CVE-2010-5143 [LOW] CWE-264 CVE-2010-5143: McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging admin McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.
nvd
Mcafee Virusscan Enterprise vulnerabilities | cvebase