Lucene search

Kaspersky LabKLA66427

HistoryNov 03, 2023 - 12:00 a.m.

KLA66427 ACE vulnerability in VLC media player

2023-11-0300:00:00

Kaspersky Lab

threats.kaspersky.com

arbitrary code execution

security bypass

cve-2023-46814

sb-vlc3019

vlc media player

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An execute arbitrary code vulnerability was found in VLC media player. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

SB-VLC3019

Related products

VLC-media-player

CVE list

CVE-2023-46814 critical

Solution

Update to the latest version

Download VLC media player

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

VLC media player earlier than 3.0.19

References

statistics.securelist.com/

threats.kaspersky.com/en/product/VLC-media-player/

www.videolan.org/security/sb-vlc3019.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for KLA66427