Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-9920

Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.

Published

2017-03-14T22:59:00.307

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mcafee	application_control	6.0.0	Yes
Application	mcafee	application_control	6.0.1	Yes
Application	mcafee	application_control	6.1.0	Yes
Application	mcafee	application_control	6.1.1	Yes
Application	mcafee	application_control	6.1.2	Yes
Application	mcafee	application_control	6.1.3	Yes

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10077 Vendor Advisory ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10077 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)