April 25, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Severity
High
Analysis Summary
CVE-2021-31844
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges by placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.
CVE-2021-31845
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.
Impact
- Buffer Copy without Checking Size of Input.
Affected Vendors
McAfee
Affected Products
- Data Loss Prevention Prior to 11.6.200
- DLP Discover Prior to 11.6.100
Remediation
Customers using DLP Endpoint for Windows should update to 11.6.200 or later.
Customers using DLP Discover should update to 11.6.100 or later.
For complete support visit the McAfee website.
https://kc.mcafee.com/corporate/index?page=content&id=SB10368
