Vulnerabilities > Mcafee > Virusscan Enterprise > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-10 | CVE-2020-7280 | Improper Privilege Management vulnerability in Mcafee Virusscan Enterprise 8.8 Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. | 7.8 |
| 2020-06-10 | CVE-2019-3585 | Improper Privilege Management vulnerability in Mcafee Virusscan Enterprise 8.8 Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. | 7.8 |
| 2020-05-08 | CVE-2020-7267 | Improper Privilege Management vulnerability in Mcafee Virusscan Enterprise 8.8 Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. | 8.4 |
| 2020-05-08 | CVE-2020-7266 | Improper Privilege Management vulnerability in Mcafee Virusscan Enterprise 1.9.0/1.9.1/2.0.0 Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. | 8.4 |
| 2009-04-30 | CVE-2009-1348 | Improper Input Validation vulnerability in Mcafee products The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. | 7.6 |
| 2007-04-19 | CVE-2007-2152 | Buffer Overflow vulnerability in Mcafee Virusscan Enterprise 8.0I Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. | 7.9 |
| 2005-12-23 | CVE-2005-4505 | Local Privilege Escalation vulnerability in McAfee VirusScan Path Specification Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path. | 7.2 |