CVE-2018-6546

2018-04-13T16:29:00
ID CVE-2018-6546
Type cve
Reporter cve@mitre.org
Modified 2018-05-21T17:07:00

Description

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user.