Lucene search

MitreCVE-2023-48861

HistoryDec 07, 2023 - 8:15 a.m.

CVE-2023-48861

2023-12-0708:15:07

CWE-427

mitre

web.nvd.nist.gov

cve-2023-48861

ttplayer

dll hijacking

vulnerability

local attackers

privileges escalation

arbitrary code

urlmon.dll

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.

Affected configurations

Nvd

Node

microsoftwindowsMatch-

AND

baiduttplayerMatch7.0.2

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
baiduttplayer7.0.2cpe:2.3:a:baidu:ttplayer:7.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
baidu	ttplayer	7.0.2	cpe:2.3:a:baidu:ttplayer:7.0.2:::::::*

References

github.com/xieqiang11/POC4/blob/main/README.md

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-48861