Multiple McAfee Products CVE-2017-4028 Local Code Injection Vulnerability

Multiple McAfee Products are prone to a local code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application.

Information

Bugtraq ID: 97958
Class: Input Validation Error
CVE: CVE-2017-4028

Remote: No
Local: Yes
Published: Mar 29 2017 12:00AM
Updated: Apr 21 2017 10:08PM
Credit: The vendor reported this issue.
Vulnerable: McAfee Virus Scan Enterprise 8.8 Patch 8
McAfee Total Protection 0
McAfee Internet Security 0
McAfee Host Intrusion Prevention Service 8.0 Patch 8
McAfee Host Intrusion Prevention Service 8.0 Patch 7
McAfee Host Intrusion Prevention Service 8.0
McAfee Endpoint Security 10.2
McAfee Anti-Virus Plus 0

Not Vulnerable: McAfee Virus Scan Enterprise 8.8 Patch 9
McAfee Host Intrusion Prevention Service 8.0 Patch 9

References:

• McAfee Homepage (McAfee)
  
• Security Bulletin: Updates fix a potential vulnerability in Window-based product (McAfee)
  

Source: www.securityfocus.com