CVE-2020-7315 McAfee Agent DLL injection feature image

DLL injection in McAfee Agent allowing a local administrator to kill the antivirus, or tamper with it, without knowing the McAfee password

DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.

Technical details 🔗

A complete article will be shared later. Stay tuned! 😉

External references 🔗

Timeline 🔗

  • Nov 2019: bug reported
  • Jan 2020: bug triaged and confirmed
  • Feb 2020: more info needed and McAfee asked for a re-test on the latest version
  • Mar 2020: bug re-triaged and re-confirmed
  • Aug 2020: CVE assigned
  • Sep 2020: patch released