The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of McAfee Virus Scan

cybersecurity vulnerability 29591

McAfee: read-write access via Process Reimaging

Synthesis of the vulnerability

An attacker can bypass access restrictions via Process Reimaging of McAfee, in order to read or alter data.
Severity: 2/4.
Creation date: 21/06/2019.
Identifiers: SB10283, VIGILANCE-VUL-29591.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions via Process Reimaging of McAfee, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2018-6674

McAfee VirusScan Enterprise: privilege escalation via Configuration Information

Synthesis of the vulnerability

An attacker can bypass restrictions via Configuration Information of McAfee VirusScan Enterprise, in order to escalate his privileges.
Severity: 1/4.
Creation date: 11/05/2018.
Identifiers: CVE-2018-6674, SB10237, VIGILANCE-VUL-26117.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Configuration Information of McAfee VirusScan Enterprise, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2017-3736

OpenSSL: Man-in-the-Middle via bn_sqrx8x_internal

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Severity: 1/4.
Creation date: 02/11/2017.
Identifiers: 2012827, 2013025, 2014202, 2014651, 2014669, 2015080, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-391, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-3736, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, ibm10715641, ibm10719113, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10851, K14363514, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA157, SB10211, SB10220, SSA:2017-306-02, STORM-2017-006, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24316.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

threat bulletin CVE-2016-8030

McAfee VirusScan Enterprise: memory corruption via IE Scriptscan COM Object

Synthesis of the vulnerability

An attacker can generate a memory corruption via IE Scriptscan COM Object of McAfee VirusScan Enterprise, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 12/04/2017.
Identifiers: CVE-2016-8030, SB10194, VIGILANCE-VUL-22423.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a memory corruption via IE Scriptscan COM Object of McAfee VirusScan Enterprise, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2017-4028

McAfee Virus Scan Enterprise: privilege escalation via Registry Debugger

Synthesis of the vulnerability

An attacker can bypass restrictions via Registry Debugger of McAfee Virus Scan Enterprise, in order to escalate his privileges.
Severity: 2/4.
Creation date: 31/03/2017.
Identifiers: CVE-2017-4028, SB10193, VIGILANCE-VUL-22299.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Registry Debugger of McAfee Virus Scan Enterprise, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2017-5565 CVE-2017-5566 CVE-2017-5567

Antivirus: privilege escalation via Microsoft Application Verifier

Synthesis of the vulnerability

An attacker can bypass restrictions via Microsoft Application Verifier of Antivirus, in order to escalate his privileges.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 22/03/2017.
Identifiers: 1116957, CVE-2017-5565, CVE-2017-5566, CVE-2017-5567, CVE-2017-6186, CVE-2017-6417, VIGILANCE-VUL-22211.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Microsoft Application Verifier of Antivirus, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin 21380

McAfee VirusScan Enterprise for Windows: memory corruption via scriptproxy

Synthesis of the vulnerability

An attacker can generate a memory corruption via scriptproxy of McAfee VirusScan Enterprise for Windows, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 14/12/2016.
Revision date: 13/02/2017.
Identifiers: VIGILANCE-VUL-21380, VU#535111.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a memory corruption via scriptproxy of McAfee VirusScan Enterprise for Windows, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2016-8016 CVE-2016-8017 CVE-2016-8018

McAfee VirusScan Enterprise: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of McAfee VirusScan Enterprise.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 12/12/2016.
Identifiers: CERTFR-2016-AVI-408, CVE-2016-8016, CVE-2016-8017, CVE-2016-8018, CVE-2016-8019, CVE-2016-8020, CVE-2016-8021, CVE-2016-8022, CVE-2016-8023, CVE-2016-8024, CVE-2016-8025, SB10181, VIGILANCE-VUL-21358, VU#245327, VU#535111.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in McAfee VirusScan Enterprise.

An attacker can bypass security features, in order to obtain sensitive information. [severity:1/4; CVE-2016-8016]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-8017]

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2016-8018]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-8019]

An attacker can tamper with HTTP requests, in order to make a code generator run arbitrary code. [severity:3/4; CVE-2016-8020]

An attacker can make profit of a wrong signature check in order to tamper with sensitive files. [severity:2/4; CVE-2016-8021]

An attacker can spoof an identity, in order to run code. [severity:3/4; CVE-2016-8022]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-8023]

An attacker can tamper with end of lines of HTTP requests, in order to obtain sensitive information. [severity:3/4; CVE-2016-8024]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4; CVE-2016-8025]
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2016-4534

McAfee VirusScan Enterprise: unlocking console

Synthesis of the vulnerability

A local attacker can bypass the password protection of the McAfee VirusScan Enterprise console, in order to alter the product configuration.
Severity: 2/4.
Creation date: 04/05/2016.
Identifiers: CVE-2016-4534, SB10158, VIGILANCE-VUL-19520.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The McAfee VirusScan Enterprise product has a console protected by a password.

However, a local attacker can close handles of mcconsole.exe, to unlock the console.

A local attacker can therefore bypass the password protection of the McAfee VirusScan Enterprise console, in order to alter the product configuration.
Full Vigil@nce bulletin... (Free trial)

threat bulletin CVE-2016-3984

McAfee VirusScan Enterprise: bypassing of self-protection

Synthesis of the vulnerability

A local attacker can bypass the self-protection of McAfee VirusScan Enterprise, in order to elevate his privileges.
Severity: 2/4.
Creation date: 26/02/2016.
Revision date: 07/03/2016.
Identifiers: CVE-2016-3984, SB10151, VIGILANCE-VUL-19035.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The McAfee VirusScan Enterprise product has a self-protection mechanism to forbid the local administrator from disabling the service.

However, a local attacker can bypass this mechanism and stop the antivirus.

A local attacker can therefore bypass the self-protection of McAfee VirusScan Enterprise, in order to elevate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about McAfee Virus Scan: