Vulnerability CVE-2016-8031


Published: 2017-03-28

Description:
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.

Vendor: Mcafee
Product: Anti-malware scan engine for sun solaris 
Version:
5800
5700
5600
5500
5400
5300
5200
Product: Anti-malware scan engine for linux 
Version:
5800
5700
5600
5500
5400
5300
5200
Product: Anti-malware scan engine for hp-ux 
Version:
5800
5700
5600
5500
5400
5300
5200
Product: Anti-malware scan engine for windows 
Version:
5800
5700
5600
5500
5400
5300
5200
Product: Anti-malware scan engine for aix 
Version:
5800
5700
5600
5500
5400
5300
5200
Product: Anti-malware scan engine for freebsd 
Version:
5800
5700
5600
5500
5400
5300
5200

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/97142
http://www.securitytracker.com/id/1038159
https://kc.mcafee.com/corporate/index?page=content&id=SB10191

Related CVE
CVE-2018-10381
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call pub...
CVE-2017-3971
Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers.
CVE-2017-3969
Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate implementation of SSL.
CVE-2017-3967
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTM...
CVE-2017-3966
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the...
CVE-2017-3965
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system informati...
CVE-2017-3964
Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.
CVE-2017-4028
Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.

Copyright 2018, cxsecurity.com

 

Back to Top