HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester

CVE-2019-3588 - McAfee - Improper Privilege Management

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

When a threat is detected and the Alert Notifications are turned on (On-Access Scan Messages), the ‘Alert Message’ window would open with Admin privileges, allowing a standard user to interact with the available menus with elevated privileges. In certain conditions, this issue may also cause the On-Access Scan Messages window to pop-up on top of the Windows Lock Screen.

Trellix Security Bulletin SB10302


buy me a coffee