Search criteria
2 vulnerabilities found for Earth Pro by Google
CVE-2020-8895 (GCVE-0-2020-8895)
Vulnerability from nvd – Published: 2020-04-21 17:50 – Updated: 2024-08-04 10:12
VLAI?
Title
DLL Hijacking in Google Earth Pro Windows installer
Summary
Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
- DLL Hijacking
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:11.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Earth Pro",
"vendor": "Google",
"versions": [
{
"lessThan": "7.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel D\u00edez Tainta"
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-04T20:07:40.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
],
"solutions": [
{
"lang": "en",
"value": "Recommended to update to Google Earth Pro 7.3.3 at your earliest convenience."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL Hijacking in Google Earth Pro Windows installer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8895",
"STATE": "PUBLIC",
"TITLE": "DLL Hijacking in Google Earth Pro Windows installer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Earth Pro",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "7.3.3"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel D\u00edez Tainta"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.google.com/earth/answer/40901?hl=en",
"refsource": "MISC",
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
]
},
"solution": [
{
"lang": "en",
"value": "Recommended to update to Google Earth Pro 7.3.3 at your earliest convenience."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8895",
"datePublished": "2020-04-21T17:50:11.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:11.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8895 (GCVE-0-2020-8895)
Vulnerability from cvelistv5 – Published: 2020-04-21 17:50 – Updated: 2024-08-04 10:12
VLAI?
Title
DLL Hijacking in Google Earth Pro Windows installer
Summary
Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
- DLL Hijacking
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:11.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Earth Pro",
"vendor": "Google",
"versions": [
{
"lessThan": "7.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel D\u00edez Tainta"
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-04T20:07:40.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
],
"solutions": [
{
"lang": "en",
"value": "Recommended to update to Google Earth Pro 7.3.3 at your earliest convenience."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL Hijacking in Google Earth Pro Windows installer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8895",
"STATE": "PUBLIC",
"TITLE": "DLL Hijacking in Google Earth Pro Windows installer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Earth Pro",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "7.3.3"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel D\u00edez Tainta"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.google.com/earth/answer/40901?hl=en",
"refsource": "MISC",
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
]
},
"solution": [
{
"lang": "en",
"value": "Recommended to update to Google Earth Pro 7.3.3 at your earliest convenience."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8895",
"datePublished": "2020-04-21T17:50:11.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:11.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}