A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
References
Link | Resource |
---|---|
https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
16 Nov 2023, 03:13
Type | Values Removed | Values Added |
---|---|---|
References | () https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.3
v3 : 7.0 |
CWE | CWE-367 |
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | () https://service.mcafee.com/?articleId=TS103271&page=shell&shell=article-view - |
Information
Published : 2022-03-10 23:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-0280
Mitre link : CVE-2022-0280
CVE.ORG link : CVE-2022-0280
JSON object : View
Products Affected
mcafee
- total_protection
microsoft
- windows
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition