CVE-2022-0280
7.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H
Summary
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| McAfee | McAfee Total Protection for Windows | unspecified <= 16.0.42 | affected |
Weaknesses
- CWE-367: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.