4 matches found
CVE-2020-8895
CVE-2020-8895 refers to a DLL hijacking/Untrusted Search Path issue in the Google Earth Pro Windows installer prior to 7.3.3. An unauthenticated, local attacker can exploit the untrusted search path by placing a crafted local file to achieve remote code execution on the target system. Affected so...
CVE-2020-8896
CVE-2020-8896 — Google Earth Pro buffer overflow in khcrypt (≤7.3.2) A buffer overflow in the khcrypt implementation of Google Earth Pro versions up to and including 7.3.2 enables an attacker to perform a Man-in-the-Middle (MitM) attack by crafting a key to read data past the end of the buffer ho...
CVE-2010-3134
CVE-2010-3134 affects Google Earth 5.1.3535.3218. The issue is an insecure/ untrusted search path that allows a local user (and potentially remote attacker via crafted files) to execute arbitrary code by placing a Trojan horse quserex.dll in the same folder as a .kmz file, enabling DLL hijacking....
CVE-2006-7157
CVE-2006-7157 affects Google Earth v4.0.2091 (beta). The vulnerability is a buffer/heap overflow in the KML/KMZ processing (href in KML/KMZ files) that can cause a crash and, per OpenVAS/Nessus entries, potentially allow arbitrary code execution. Exploitation target is the Google Earth KML engine...