Description
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
- Attack Vector
- local
- Complexity
- high
- Privileges
- low
- User Action
- none
- Scope
- changed
- Confidentiality
- none
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-367CWE-367
Metadata
- Primary Vendor
- MICROSOFT
- Published
- 3/10/2022
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
microsoft : windows
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.