PT-2020-13133 · FFmpeg+1 · Ffmpeg+1

Published: 2020-04-29 · Updated: 2021-07-21 · CVE-2020-12473

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: MonoX versions 5.1.40.5152 and earlier

Description: The issue allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program, potentially allowing for the execution of malicious programs.

Recommendations: For MonoX versions 5.1.40.5152 and earlier, consider restricting access to the Converter Executable setting to prevent reconfiguration to a malicious program. As a temporary workaround, monitor and limit the execution of programs that can be configured through this setting.

Related Identifiers

CVE-2020-12473

Affected Products

MonoX
FFmpeg