cvelist/2019/3xxx/CVE-2019-3667.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "ID": "CVE-2019-3667",
        "STATE": "PUBLIC",
        "TITLE": "DLL Search Order Hijacking"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "McAfee TechCheck",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "prior to 3.0.0.17"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "McAfee, LLC"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "DLL Search Order Hijacking vulnerability"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996",
                "refsource": "CONFIRM",
                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996"
            }
        ]
    },
    "source": {
        "discovery": "EXTERNAL"
    }
}
- Synchronized data. 2019-01-03 08:04:21 -05:00			`{`
"-Synchronized-Data." 2019-03-18 03:13:42 +00:00			`"CVE_data_meta": {`
CVE-2019-3667 SB is already live 2019-12-11 11:51:17 +05:30			`"ASSIGNER": "psirt@mcafee.com",`
"-Synchronized-Data." 2019-03-18 03:13:42 +00:00			`"ID": "CVE-2019-3667",`
CVE-2019-3667 SB is already live 2019-12-11 11:51:17 +05:30			`"STATE": "PUBLIC",`
			`"TITLE": "DLL Search Order Hijacking"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "McAfee TechCheck",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_value": "prior to 3.0.0.17"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "McAfee, LLC"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2019-03-18 03:13:42 +00:00			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
CVE-2019-3667 SB is already live 2019-12-11 11:51:17 +05:30			`"value": "DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker."`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 6.6,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"scope": "CHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "DLL Search Order Hijacking vulnerability"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996",`
			`"refsource": "CONFIRM",`
			`"url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996"`
"-Synchronized-Data." 2019-03-18 03:13:42 +00:00			`}`
			`]`
CVE-2019-3667 SB is already live 2019-12-11 11:51:17 +05:30			`},`
			`"source": {`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2019-03-18 03:13:42 +00:00			`}`
CVE-2019-3667 SB is already live 2019-12-11 11:51:17 +05:30			`}`