PT-2017-14696 · Amazon · Amazon Audible For Windows

Publicado

2017-12-06

Atualizado

2017-12-20

CVE-2017-17069

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Amazon Audible for Windows versions prior to November 2017

Description The issue allows attackers to execute arbitrary DLL code. This can happen when ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.

Recommendations For Amazon Audible for Windows versions prior to November 2017, update to a version released after November 2017 to resolve the issue.

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

CVE-2017-17069

Produtos afetados

Amazon Audible For Windows

PT-2017-14696 · Amazon · Amazon Audible For Windows

CVE-2017-17069

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5