Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Virusscan_enterprise | Mcafee | 8.8 (including) | 8.8 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch1 (including) | 8.8-patch1 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch10 (including) | 8.8-patch10 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch11 (including) | 8.8-patch11 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch12 (including) | 8.8-patch12 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch13 (including) | 8.8-patch13 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch2 (including) | 8.8-patch2 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch3 (including) | 8.8-patch3 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch4 (including) | 8.8-patch4 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch5 (including) | 8.8-patch5 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch6 (including) | 8.8-patch6 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch7 (including) | 8.8-patch7 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch8 (including) | 8.8-patch8 (including) |
| Virusscan_enterprise | Mcafee | 8.8-patch9 (including) | 8.8-patch9 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10302
- https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10302