Vulnerabilities > Mcafee > Virusscan Enterprise > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-10 CVE-2020-7280 Improper Privilege Management vulnerability in Mcafee Virusscan Enterprise 8.8
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links.
local
low complexity
mcafee CWE-269
7.8
2020-06-10 CVE-2019-3585 Improper Privilege Management vulnerability in Mcafee Virusscan Enterprise 8.8
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.
local
low complexity
mcafee CWE-269
7.8
2020-05-08 CVE-2020-7267 Improper Privilege Management vulnerability in Mcafee Virusscan Enterprise 8.8
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file.
local
low complexity
mcafee CWE-269
8.4
2020-05-08 CVE-2020-7266 Improper Privilege Management vulnerability in Mcafee Virusscan Enterprise 1.9.0/1.9.1/2.0.0
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file.
local
low complexity
mcafee CWE-269
8.4
2009-04-30 CVE-2009-1348 Improper Input Validation vulnerability in Mcafee products
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.
network
high complexity
mcafee CWE-20
7.6
2007-04-19 CVE-2007-2152 Buffer Overflow vulnerability in Mcafee Virusscan Enterprise 8.0I
Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.
7.9
2005-12-23 CVE-2005-4505 Local Privilege Escalation vulnerability in McAfee VirusScan Path Specification
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
local
low complexity
mcafee
7.2