PT-2023-30230 · VideoLAN · VLC Media Player
Published: 2023-11-22 · Updated: 2023-11-29 · CVE-2023-46814
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VideoLAN VLC media player versions prior to 3.0.19
Description
A binary hijacking issue exists where the uninstaller attempts to execute code with elevated privileges from a location writable by standard users. This can be exploited by standard users to achieve arbitrary code execution as SYSTEM.
Recommendations
Update VLC media player to version 3.0.19 or later to resolve the issue.
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
VLC Media Player