Search criteria
3 vulnerabilities found for cloudmusic by netease
FKIE_CVE-2023-47454
Vulnerability from fkie_nvd - Published: 2023-11-30 21:15 - Updated: 2024-11-21 08:30
Severity ?
Summary
An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netease | cloudmusic | 2.10.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netease:cloudmusic:2.10.4:*:*:*:*:windows:*:*",
"matchCriteriaId": "3F3787BD-EC4F-4DE4-BD7D-B0F73EBC20CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en NetEase CloudMusic 2.10.4 para Windows permite a los usuarios locales obtener privilegios aumentados a trav\u00e9s del archivo urlmon.dll en el directorio de trabajo actual."
}
],
"id": "CVE-2023-47454",
"lastModified": "2024-11-21T08:30:17.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-30T21:15:08.893",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/xieqiang11/poc-3/tree/main"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/xieqiang11/poc-3/tree/main"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-47454 (GCVE-0-2023-47454)
Vulnerability from cvelistv5 – Published: 2023-11-30 00:00 – Updated: 2024-08-02 21:09
VLAI?
Summary
An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xieqiang11/poc-3/tree/main"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:38:28.360082",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/xieqiang11/poc-3/tree/main"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47454",
"datePublished": "2023-11-30T00:00:00",
"dateReserved": "2023-11-06T00:00:00",
"dateUpdated": "2024-08-02T21:09:37.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47454 (GCVE-0-2023-47454)
Vulnerability from nvd – Published: 2023-11-30 00:00 – Updated: 2024-08-02 21:09
VLAI?
Summary
An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xieqiang11/poc-3/tree/main"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:38:28.360082",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/xieqiang11/poc-3/tree/main"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47454",
"datePublished": "2023-11-30T00:00:00",
"dateReserved": "2023-11-06T00:00:00",
"dateUpdated": "2024-08-02T21:09:37.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}