Vulnerability Database

314,452

Total vulnerabilities in the database

CVE-2019-3652

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

Published: Oct 9, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-3652
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5
AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
mcafee / endpoint_security	10.5.0	10.5.5.x
mcafee / endpoint_security	10.6.0	10.6.1
mcafee / endpoint_security	10.6.1	10.6.1.x

https://kc.mcafee.com/corporate/index?page=content&id=SB10299

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo