2019-07-24 14:28:59
trellix
PUBLISHED
Improper Neutralization of Special Elements used in a Command (Command Injection) in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute.