HIGHCVE-2019-3587CVSS 7.2

CVE-2019-3587: DLL Hijacking in McAfee Total Protection

Platform

windows

Component

mcafee-total-protection

Fixed in

16.0.R18

AI Confidence: highNVDEPSS 0.4%Reviewed: May 2026

View on NVD

Save

CVE-2019-3587 is a DLL Search Order Hijacking vulnerability affecting Microsoft Windows client systems running McAfee Total Protection (MTP) versions prior to 16.0.R18. This flaw allows a local attacker to execute arbitrary code by manipulating the order in which the system searches for DLL files. The vulnerability is particularly concerning due to its potential for privilege escalation and system compromise.

Impact and Attack Scenarios

An attacker can exploit CVE-2019-3587 by placing a malicious DLL file in a location that the system searches before the legitimate DLL. When an application attempts to load the legitimate DLL, it will instead load the attacker's malicious DLL, allowing the attacker to execute arbitrary code in the context of the application. This could lead to complete system compromise, data theft, or the installation of malware. The blast radius is limited to systems running vulnerable versions of McAfee Total Protection.

Exploitation Context

CVE-2019-3587 was published on January 23, 2019. The vulnerability has a high CVSS score, indicating a significant risk. While no widespread exploitation has been reported, DLL Search Order Hijacking vulnerabilities are often targeted by attackers. Check McAfee's security advisories for further details and updates.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureLow

EPSS

0.44% (63% percentile)

CVSS Vector

Affected Software

Componentmcafee-total-protection

VendorMcafee

Affected rangeFixed in

All – 16.0.R1816.0.R18

Timeline

Reserved2019-01-03
Published2019-01-23
Modified2024-08-04
EPSS updated2026-04-02

Mitigation and Workarounds

The primary mitigation for CVE-2019-3587 is to upgrade McAfee Total Protection to version 16.0.R18 or later. If an immediate upgrade is not possible, consider implementing stricter file system permissions to prevent attackers from placing malicious DLLs in vulnerable locations. Regularly scan the system for suspicious files and monitor system logs for unusual activity. After upgrading, confirm the fix by verifying the version number of McAfee Total Protection.

How to fix

Actualice McAfee Total Protection a la versión 16.0.18 o posterior. Esto solucionará la vulnerabilidad de secuestro del orden de búsqueda de DLL.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2019-3587 in McAfee Total Protection?

It's a DLL Search Order Hijacking vulnerability in McAfee Total Protection allowing local code execution.

Am I affected by CVE-2019-3587 in McAfee Total Protection?

If you're using McAfee Total Protection versions prior to 16.0.R18, you are vulnerable.

How do I fix CVE-2019-3587 in McAfee Total Protection?

Upgrade to McAfee Total Protection version 16.0.R18 or later.

Is CVE-2019-3587 being actively exploited?

While no widespread exploitation is reported, DLL Hijacking vulnerabilities are often targeted.

Where can I find the official McAfee Total Protection advisory for CVE-2019-3587?

Refer to McAfee's security advisories and the NVD entry for CVE-2019-3587 for detailed information.