CVE-2019-3652

Summary

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

Affected Software

VendorProductVersion RangeStatus
McAfee, LLCMcAfee Endpoint Security (ENS)10.6.x < 10.6.1affected
McAfee, LLCMcAfee Endpoint Security (ENS)10.5.x < 10.5.5affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References