CVE-2022-0129 is a vulnerability in McAfee Techcheck
Published on January 11, 2022
DLL Highjack vulnerability in McAfee TechCheck utility
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.
Vulnerability Analysis
CVE-2022-0129 can be exploited with local system access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2022-0129 has been classified to as a DLL preloading vulnerability or weakness.
Products Associated with CVE-2022-0129
Want to know whenever a new CVE is published for McAfee Techcheck? stack.watch will email you.
Affected Versions
McAfee,LLC McAfee TechCheck:- Version unspecified and below 4.0.0.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.