PT-2020-7444 · Mplayer · Mplayer

Published

2020-02-12

Updated

2020-02-18

CVE-2013-3494

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: UMPlayer version 0.98

Description: A code execution issue exists due to insufficient path restrictions when loading external libraries, specifically in the wintab32.dll file. This could allow a malicious user to execute arbitrary code.

Recommendations: For UMPlayer version 0.98, consider restricting access to the wintab32.dll file as a temporary workaround until a patch is available.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2013-3494

Affected Products

Mplayer

PT-2020-7444 · Mplayer · Mplayer

CVE-2013-3494

Weakness Enumeration

Related Identifiers

Affected Products

References · 2