PT-2017-14696 · Amazon · Amazon Audible For Windows

Published

2017-12-06

Updated

2017-12-20

CVE-2017-17069

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Amazon Audible for Windows versions prior to November 2017

Description The issue allows attackers to execute arbitrary DLL code. This can happen when ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.

Recommendations For Amazon Audible for Windows versions prior to November 2017, update to a version released after November 2017 to resolve the issue.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2017-17069

Affected Products

Amazon Audible For Windows

PT-2017-14696 · Amazon · Amazon Audible For Windows

CVE-2017-17069

Weakness Enumeration

Related Identifiers

Affected Products

References · 5