← back
CVE-2016-3984

CVE-2016-3984

EPSS 1.1%
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/39531/unverifiedexploitdbwww.exploit-db.com/exploits/39531unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lab.mediaservice.net/advisory/2016-01-mcafee.txthttp://seclists.org/fulldisclosure/2016/Mar/13https://kc.mcafee.com/corporate/index?page=content&id=SB10151https://www.exploit-db.com/exploits/39531/http://www.securitytracker.com/id/1035130