McAfee Data Loss Prevention up to 11.3.2 on Windows Message memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.4 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in McAfee Data Loss Prevention up to 11.3.2 on Windows. This vulnerability affects unknown code. Executing a manipulation as part of Message can lead to memory corruption. This vulnerability is tracked as CVE-2019-3633. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.
Details
A vulnerability classified as critical was found in McAfee Data Loss Prevention up to 11.3.2 on Windows (Data Loss Prevention Software). This vulnerability affects an unknown code block. The manipulation as part of a Message leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory.
The weakness was disclosed 08/21/2019 (Website). The advisory is shared for download at kc.mcafee.com. This vulnerability was named CVE-2019-3633 since 01/03/2019. The attack needs to be approached locally. The requirement for exploitation is a single authentication. There are neither technical details nor an exploit publicly available.
Upgrading to version 11.3.2.8 eliminates this vulnerability.
The entries VDB-117791 and VDB-140573 are pretty similar. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.mcafee.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.4
VulDB Base Score: 6.6
VulDB Temp Score: 6.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CNA Base Score: 4.4
CNA Vector (Trellix): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Data Loss Prevention 11.3.2.8
Timeline
01/03/2019 🔍08/21/2019 🔍
08/22/2019 🔍
11/28/2023 🔍
Sources
Vendor: mcafee.comAdvisory: kc.mcafee.com
Status: Not defined
Confirmation: 🔍
CVE: CVE-2019-3633 (🔍)
GCVE (CVE): GCVE-0-2019-3633
GCVE (VulDB): GCVE-100-140572
See also: 🔍
Entry
Created: 08/22/2019 09:58Updated: 11/28/2023 13:32
Changes: 08/22/2019 09:58 (59), 08/02/2020 18:38 (1), 11/28/2023 13:32 (14)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.