Published: 02/04/2018 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key prior to 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mcafee true_key

When is a patch not a patch? When it's for this McAfee password bug

The Register • Shaun Nichols in San Francisco • 11 Sep 2018

Vulnerability still open to all despite multiple fixes Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

A privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it. This according to researchers with security shop Exodus Intel, who claim that CVE-2018-6661 was not fully addressed with either of the two patches McAfee released for it. The flaw is an elevation of privilege issue in McAfee's TrueKey password manager. An exploit can be carried out on a guest account by side-loading a specially-crafted DLL into True Key that would then al...

CVE-2018-6661

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect