CVE-2023-47454

An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:netease:cloudmusic:2.10.4:*:*:*:*:windows:*:*

History

06 Dec 2023, 16:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:netease:cloudmusic:2.10.4:*:*:*:*:windows:*:*
CWE CWE-427
First Time Netease cloudmusic
Netease
References () https://github.com/xieqiang11/poc-3/tree/mainĀ - () https://github.com/xieqiang11/poc-3/tree/mainĀ - Exploit

30 Nov 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-30 21:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-47454

Mitre link : CVE-2023-47454

CVE.ORG link : CVE-2023-47454


JSON object : View

Products Affected

netease

  • cloudmusic
CWE
CWE-427

Uncontrolled Search Path Element