Vulnerability identifier: #VU12533
Vulnerability risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
McAfee VirusScan
Client/Desktop applications /
Antivirus software/Personal firewalls
Vendor: McAfee
Description
The vulnerability allows a physical authenticated attacker to obtain potentially sensitive information and gain elevated privileges on the target system.
The weakness exists due to VSE might spawn a process inheriting the parent's privileges when the process McTray.exe runs with elevated privileges. A physical attacker can gain access to potentially sensitive information and gain root privileges.
Mitigation
Update to version 8.8 Patch 11.
Vulnerable software versions
McAfee VirusScan: 8.8 - 8.8 Patch 10
External links
http://kc.mcafee.com/corporate/index?page=content&id=SB10237
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.