CVE-2014-9920
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
14/03/2017
Last modified:
20/04/2025
Description
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mcafee:application_control:6.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:application_control:6.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:application_control:6.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:application_control:6.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:application_control:6.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mcafee:application_control:6.1.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page