Lucene search

K
cveZdiCVE-2018-1169
HistoryMar 02, 2018 - 1:29 a.m.

CVE-2018-1169

2018-03-0201:29:00
CWE-78
CWE-20
zdi
web.nvd.nist.gov
24
vulnerability
remote code execution
amazon music player
cve-2018-1169
nvd
zdi-can-5521

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.037

Percentile

91.9%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521.

Affected configurations

Nvd
Vulners
Node
amazonamazon_musicMatch6.1.5.1213
VendorProductVersionCPE
amazonamazon_music6.1.5.1213cpe:2.3:a:amazon:amazon_music:6.1.5.1213:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Amazon Music Player",
    "vendor": "Amazon",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.5.1213"
      }
    ]
  }
]

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.037

Percentile

91.9%

Related for CVE-2018-1169