Threat Encyclopedia

Null Pointer Dereference, Improper Access Control, and Cross Site Scripting Vulnerabilities for McAfee Endpoint Security with ID SB10345


A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly. This varies by machine and had partial protection prior to this update. The improper access control vulnerability prevents the installation of some ENS files and also allows authenicated local administrator user to perform an uninstallation of the anti-malware engine. The cross site scripting vulnerability allows an ENS ePO administrator to add a script to a policy event.

affected-products-logoAffected Products

McAfee Endpoint Security