CVE-2022-0129 HIGH

CVE-2022-0129: DLL Highjack vulnerability in McAfee TechCheck utility

Vendor Mcafee,Llc
Product McAfee TechCheck
Weakness CWE-427
Published January 11, 2022
Last update August 2, 2024

CVSS base score

7.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.

Key dates

02Disclosure timeline

January 11, 2022 CVE published
August 2, 2024 Record updated