PT-2024-5901 · Yandex +1 · Yandex Browser +1

Published 2024-09-03 · Updated 2025-08-14 · CVE-2024-6473

CVSS v4.0: 8.4
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Yandex Browser for Desktop versions prior to 24.7.1.380

Description

The issue is related to the use of an untrusted search path, which can allow an attacker to execute arbitrary code by loading a specially crafted DLL file. This is a DLL Hijacking Vulnerability.

Recommendations

For Yandex Browser for Desktop versions prior to 24.7.1.380, update to version 24.7.1.380 or later to resolve the issue. As a temporary workaround, consider restricting the use of untrusted search paths to minimize the risk of exploitation.

Exploit

Fix

Untrusted Search Path

Weakness Enumeration

Related Identifiers

ALT-PU-2024-14996
ALT-PU-2024-15041
ALT-PU-2024-15575
BDU:2024-06704
CVE-2024-6473

Affected Products

Alt Linux
Yandex Browser