Source: ubuntucve (Ubuntu.com)
ID: UB:CVE-2023-46814
Published: Nov 22, 2023 - 12:00 a.m.

CVE-2023-46814

Tags: cve-2023-46814, videolan vlc, binary hijacking, windows, arbitrary code execution, elevated privileges, uninstaller

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.1 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

A binary hijacking vulnerability exists within the VideoLAN VLC media
player before 3.0.19 on Windows. The uninstaller attempts to execute code
with elevated privileges out of a standard user writable location. Standard
users may use this to gain arbitrary code execution as SYSTEM.

Notes

Author: alexmurray
Note: Only affects VLC on Windows, Ubuntu is not affected
