HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester

Home

  • CVE-2019-3585 - McAfee - Improper Privilege Management

    Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.


  • Windows 7 ESU Patching Changelog

    Update 2025-04-17

    • Replaced January 2025 Servicing Stack Update (KB5050681) with April 2025 Servicing Stack Update (KB5056456) (x64 only).
    • Replaced March 2025 Monthly Update (KB5053620) with April 2025 Monthly Update (KB5055561) (x64 only).
    • Replaced January 2025 .NET Framework 4.8 Update (KB5049619) with April 2025 .NET Framework 4.8 Update (KB5055171) (x64 only).
    • Updated Microsoft EV ECC Root Certificate Authority 2017.crl.
    • Updated Microsoft EV RSA Root Certificate Authority 2017.crl.
    • Updated Microsoft ECC Product Root Certificate Authority 2018.crl.
    • Updated Microsoft ECC TS Root Certificate Authority 2018.crl.

  • CVE-2020-11443 - Zoom - Incorrect Permission Assignment for Critical Resource

    The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files otherwise not deletable by the user.


  • CVE-2020-7274 - McAfee - Improper Privilege Management

    Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges.


  • CVE-2020-7255 - McAfee - Improper Privilege Management

    Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via a configuration error.



     Page: 12 of 13     
buy me a coffee