From a434cda22d9ed28ba9fc1f5a64fa432cfe4576da Mon Sep 17 00:00:00 2001
From: sbhatiMcafee <52496610+sbhatiMcafee@users.noreply.github.com>
Date: Wed, 11 Dec 2019 11:51:17 +0530
Subject: [PATCH] CVE-2019-3667

SB is already live
---
 2019/3xxx/CVE-2019-3667.json | 76 ++++++++++++++++++++++++++++++++++--
 1 file changed, 72 insertions(+), 4 deletions(-)

diff --git a/2019/3xxx/CVE-2019-3667.json b/2019/3xxx/CVE-2019-3667.json
index 58c20d1273d..8e887571433 100644
--- a/2019/3xxx/CVE-2019-3667.json
+++ b/2019/3xxx/CVE-2019-3667.json
@@ -1,8 +1,33 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@mcafee.com",
         "ID": "CVE-2019-3667",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "DLL Search Order Hijacking"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "McAfee TechCheck",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_value": "prior to 3.0.0.17"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "McAfee, LLC"
+                }
+            ]
+        }
     },
     "data_format": "MITRE",
     "data_type": "CVE",
@@ -11,8 +36,51 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker."
             }
         ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "LOCAL",
+            "availabilityImpact": "LOW",
+            "baseScore": 6.6,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "DLL Search Order Hijacking vulnerability"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996",
+                "refsource": "CONFIRM",
+                "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102996"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "EXTERNAL"
     }
-}
\ No newline at end of file
+}