CVE-2019-3667

DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
trellixCNA
6.6 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
mcafeetechcheck
𝑥
≤ 3.0.0.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996