Description
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H
- Attack Vector
- local
- Complexity
- low
- Privileges
- high
- User Action
- required
- Scope
- changed
- Confidentiality
- none
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-427
Metadata
- Primary Vendor
- MCAFEE
- Published
- 1/11/2022
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
mcafee : techcheck
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.