CVE-2019-12569

EPSS 3.22%
Veröffentlicht 03.06.2019 01:29:00
Zuletzt bearbeitet 21.11.2024 04:23:06
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rakuten ≫ Viber SwPlatformwindows Version < 10.7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.22%	0.866

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-006.md

https://nvd.nist.gov/vuln/detail/CVE-2019-12569

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12569

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12569

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-12569