CVE-2017-4028 - OpenCVE

Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mcafee	Virus Scan Enterprise Internet Security Total Protection Endpoint Security Anti-virus Plus Host Intrusion Prevention
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:mcafee:anti-virus_plus:-:::::::*
	cpe:2.3:a:mcafee:endpoint_security:10.2:::::::*
	cpe:2.3:a:mcafee:host_intrusion_prevention::::::::
	cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_1::::::
	cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_2::::::
	cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_3::::::
	cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_4::::::
	cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_5::::::
	cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_6::::::
	cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_7::::::
	cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_8::::::
	cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_9::::::
	cpe:2.3:a:mcafee:internet_security:-:::::::*
	cpe:2.3:a:mcafee:total_protection:-:::::::*
	cpe:2.3:a:mcafee:virus_scan_enterprise::::::::
	cpe:2.3:a:mcafee:virus_scan_enterprise:8.8:patch_9::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/97958
https://kc.mcafee.com/corporate/index?page=content&id=SB10193

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trellix

Published: 2017-05-12T00:00:00

Updated: 2018-04-04T09:57:01

Reserved: 2016-12-26T00:00:00

Link: CVE-2017-4028

JSON object: View

NVD Information

Status : Modified

Published: 2018-04-03T22:29:00.523

Modified: 2023-11-07T02:44:46.533

Link: CVE-2017-4028

JSON object: View

Redhat Information

No data.

CWE

CWE-74

{"containers": {"cna": {"affected": [{"product": "McAfee Anti-Virus Plus (AVP)", "vendor": "McAfee", "versions": [{"lessThan": "29 Mar 2017", "status": "affected", "version": "170329", "versionType": "custom"}]}, {"product": "McAfee Endpoint Security (ENS)", "vendor": "McAfee", "versions": [{"lessThan": "10.2 DAT V3 DAT 2932.0", "status": "affected", "version": "10.2", "versionType": "custom"}]}, {"product": "McAfee Host Intrusion Prevention (Host IPS)", "vendor": "McAfee", "versions": [{"lessThan": "8.0 Patch 9 Hotfix 1188590", "status": "affected", "version": "8.0", "versionType": "custom"}]}, {"product": "McAfee Internet Security (MIS)", "vendor": "McAfee", "versions": [{"lessThan": "29 Mar 2017", "status": "affected", "version": "170329", "versionType": "custom"}]}, {"product": "McAfee Total Protection (MTP)", "vendor": "McAfee", "versions": [{"lessThan": "29 Mar 2017", "status": "affected", "version": "170329", "versionType": "custom"}]}, {"product": "McAfee Virus Scan Enterprise (VSE)", "vendor": "McAfee", "versions": [{"lessThan": "8.8 Patch 8/9 Hotfix 1187884", "status": "affected", "version": "8.8", "versionType": "custom"}]}], "datePublic": "2017-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Maliciously misconfigured registry vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-04T09:57:01", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10193"}, {"name": "97958", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97958"}], "source": {"advisory": "SB10193", "discovery": "EXTERNAL"}, "title": "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "2017-05-12T17:00:00.000Z", "ID": "CVE-2017-4028", "STATE": "PUBLIC", "TITLE": "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "McAfee Anti-Virus Plus (AVP)", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "170329", "version_value": "29 Mar 2017"}]}}, {"product_name": "McAfee Endpoint Security (ENS)", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "10.2", "version_value": "10.2 DAT V3 DAT 2932.0"}]}}, {"product_name": "McAfee Host Intrusion Prevention (Host IPS)", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "8.0", "version_value": "8.0 Patch 9 Hotfix 1188590"}]}}, {"product_name": "McAfee Internet Security (MIS)", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "170329", "version_value": "29 Mar 2017"}]}}, {"product_name": "McAfee Total Protection (MTP)", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "170329", "version_value": "29 Mar 2017"}]}}, {"product_name": "McAfee Virus Scan Enterprise (VSE)", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "8.8", "version_value": "8.8 Patch 8/9 Hotfix 1187884"}]}}]}, "vendor_name": "McAfee"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Maliciously misconfigured registry vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10193", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10193"}, {"name": "97958", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97958"}]}, "source": {"advisory": "SB10193", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2017-4028", "datePublished": "2017-05-12T00:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2018-04-04T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:anti-virus_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F3320DA-317A-4668-8CB7-B253CF4E26BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:endpoint_security:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDA3764B-02A5-4CB8-A2CF-BDEC69A3F1F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B258695-3C79-4EF0-9F57-96867BBCE2B9", "versionEndIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_1:*:*:*:*:*:*", "matchCriteriaId": "551CDFD4-6CB5-478C-87BD-E8FCA2564452", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_2:*:*:*:*:*:*", "matchCriteriaId": "3C8C36BD-4C81-43A2-A1B0-FD6FC43D7077", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_3:*:*:*:*:*:*", "matchCriteriaId": "7507AF42-7435-408F-8D13-12AEB6BD2D88", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_4:*:*:*:*:*:*", "matchCriteriaId": "0DF5032E-F91D-48D8-AAEE-35784BD87778", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_5:*:*:*:*:*:*", "matchCriteriaId": "22BBD8D0-3D09-4A0C-AF5F-5655329D01E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_6:*:*:*:*:*:*", "matchCriteriaId": "143B1FC1-CD35-411F-B67F-4879DCE4531F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_7:*:*:*:*:*:*", "matchCriteriaId": "31C16E08-FFB3-426E-9A9F-D496A50F10BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_8:*:*:*:*:*:*", "matchCriteriaId": "E096860A-4AA2-4A3F-8B45-998E6E48F175", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0:patch_9:*:*:*:*:*:*", "matchCriteriaId": "91D6F788-8D23-44D8-AFAF-780F45885341", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:internet_security:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B53E987-4329-4FA9-AC94-0286D64B7E88", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:total_protection:-:*:*:*:*:*:*:*", "matchCriteriaId": "251D56EC-7153-451F-A558-92E0F5BFACEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:virus_scan_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EF52F97-EC0A-4CE9-A62B-4881210CA186", "versionEndIncluding": "8.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:virus_scan_enterprise:8.8:patch_9:*:*:*:*:*:*", "matchCriteriaId": "6E4B5233-94A6-4E3E-B13B-08C6633BDCF7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."}, {"lang": "es", "value": "Vulnerabilidad de registro maliciosamente configurado en todos los productos Microsoft Windows en productos para consumidores y empresas de McAfee permite que un administrador inyecte c\u00f3digo arbitrario en un proceso McAffee depurado mediante la manipulaci\u00f3n de par\u00e1metros de registro."}], "id": "CVE-2017-4028", "lastModified": "2023-11-07T02:44:46.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.6, "impactScore": 4.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2018-04-03T22:29:00.523", "references": [{"source": "trellixpsirt@trellix.com", "url": "http://www.securityfocus.com/bid/97958"}, {"source": "trellixpsirt@trellix.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10193"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}