Vulnerability Description
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Data Loss Prevention Endpoint | < 11.6.200 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10368Broken Link
- https://kc.mcafee.com/corporate/index?page=content&id=SB10368Broken Link
FAQ
What is CVE-2021-31844?
CVE-2021-31844 is a vulnerability with a CVSS score of 8.2 (HIGH). A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing c...
How severe is CVE-2021-31844?
CVE-2021-31844 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31844?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Data Loss Prevention Endpoint, Microsoft Windows.