McAfee antivirus software impacted by code execution vulnerability

Researchers have revealed a serious code execution vulnerability impacting all editions of McAfee software.

On Tuesday, the SafeBreach Labs cybersecurity team said that CVE-2019-3648 can be used to bypass McAfee’s self-defense mechanisms, potentially leading to further attacks on a compromised system.

The vulnerability exists due to a failure to validate whether or not loading DLLs have been signed, and a path issue in which wbemprox.dll attempts to load wbemcomn.dll from its working directory, rather than its actual location in the System32 folder.

As a result, arbitrary, unsigned DLLs can be loaded into multiple services that run as NT AUTHORITY\SYSTEM.

Read more…
Source: ZDNet