A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.
References
Link | Resource |
---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10368 | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
History
15 Nov 2023, 19:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.3 |
CWE | CWE-120 | |
First Time |
Microsoft windows
Microsoft |
|
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10368 - Broken Link |
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10368 - |
01 Oct 2021, 13:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
References | (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10368 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:windows:*:* |
17 Sep 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-17 14:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-31844
Mitre link : CVE-2021-31844
CVE.ORG link : CVE-2021-31844
JSON object : View
Products Affected
microsoft
- windows
mcafee
- data_loss_prevention_endpoint
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')