Lucene search

[email protected]NVD:CVE-2023-48861

HistoryDec 07, 2023 - 8:15 a.m.

CVE-2023-48861

2023-12-0708:15:07

CWE-427

[email protected]

web.nvd.nist.gov

ttplayer version 7.0.2

dll hijacking

local attackers

escalate privileges

execute arbitrary code

urlmon.dll

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.

Affected configurations

Nvd

Node

microsoftwindowsMatch-

AND

baiduttplayerMatch7.0.2

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
baiduttplayer7.0.2cpe:2.3:a:baidu:ttplayer:7.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
baidu	ttplayer	7.0.2	cpe:2.3:a:baidu:ttplayer:7.0.2:::::::*

References

github.com/xieqiang11/POC4/blob/main/README.md

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-48861

prion1 cvelist1 cve1