cvedb.io
CVE-2021-31844
HIGH · CVSS 8.2
EPSS exploitation probability: 0%
Published 2021-09-17T14:15:08.237 · Last modified 2026-06-17T03:52:20.190

Summary

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Affected products

mcafee — data_loss_prevention_endpoint

Does this affect you?

Add your gear to cvedb and we'll alert you only when mcafee ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.