Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1305

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2015-1305
Last Modified 19 Feb 2015 01:57:04
Published 06 Feb 2015 10:59:12
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1305

Summary

McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.

Vulnerable Systems

Application

  • Mcafee Data Loss Prevention Endpoint 9.3.300


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10097

OSVDB - 117345

MISC - http://www.greyhathacker.net/?p=818

XF - mcafee-dlp-cve20151305-priv-esc(100602)

EXPLOIT-DB - 35953

MISC - http://packetstormsecurity.com/files/130177/McAfee-Data-Loss-Prevention-Endpoint-Privilege-Escalation.html


Last Updated: 27 May 2016 11:07:48