CVE-2017-20123

Sažetak

A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.

Reference

https://github.com/kacperszurek/exploits/tree/master/Viscosity
https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/
http://seclists.org/fulldisclosure/2017/Feb/1
https://vuldb.com/?id.96639

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-07-2022 - 00:23

Objavljeno

30-06-2022 - 05:15