Published: 06/02/2015 Updated: 08/09/2017

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 695

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

McAfee Data Loss Prevention Endpoint (DLPe) prior to 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mcafee data_loss_prevention_endpoint

/* Exploit Title - McAfee Data Loss Prevention Endpoint Arbitrary Write Privilege Escalation Date - 29th January 2015 Discovered by - Parvez Anwar (@parvezghh) Vendor Homepage - wwwmcafeecom Tested Version - 9320023 Driver Version - 9320023 - hdlpctrlsys Tested on OS - 32bit Windows XP SP3 and Windows 200 ...

McAfee Data Loss Prevention Endpoint version 9320023 suffers from an arbitrary write privilege escalation vulnerability ...

CWE-264 https://kc.mcafee.com/corporate/index?page=content&id=SB10097 http://www.greyhathacker.net/?p=818 http://www.osvdb.org/show/osvdb/117345 http://www.exploit-db.com/exploits/35953 http://packetstormsecurity.com/files/130177/McAfee-Data-Loss-Prevention-Endpoint-Privilege-Escalation.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100602 https://nvd.nist.gov https://www.exploit-db.com/exploits/35953/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-1305

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect