OWASP Top Ten 2007 Category A3 - Malicious File Execution

CVE-2019-3646

Medium

6.9/10

Summary

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-714 - OWASP Top Ten 2007 Category A3 - Malicious File Execution

Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2007.

References

Advisory Timeline

Published Sep 13, 2019

OWASP Top Ten 2007 Category A3 - Malicious File Execution

CVE-2019-3646

Summary

CWE-714 - OWASP Top Ten 2007 Category A3 - Malicious File Execution

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS