CVE-2017-4028

Published: Apr 3, 2018

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.0

5.0

MEDIUM

Description

Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.

Vendor	Product	Versions
McAfee	McAfee Anti-Virus Plus (AVP)	affected `170329 - < 29 Mar 2017`
McAfee	McAfee Endpoint Security (ENS)	affected `10.2 - < 10.2 DAT V3 DAT 2932.0`
McAfee	McAfee Host Intrusion Prevention (Host IPS)	affected `8.0 - < 8.0 Patch 9 Hotfix 1188590`
McAfee	McAfee Internet Security (MIS)	affected `170329 - < 29 Mar 2017`
McAfee	McAfee Total Protection (MTP)	affected `170329 - < 29 Mar 2017`
McAfee	McAfee Virus Scan Enterprise (VSE)	affected `8.8 - < 8.8 Patch 8/9 Hotfix 1187884`

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10193

x_refsource_CONFIRM

97958

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-4028

Description

Affected Products

CVSS v3.0 Details

References