Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Earth Pro by Google
CVE-2020-8895 (GCVE-0-2020-8895)
Vulnerability from nvd – Published: 2020-04-21 17:50 – Updated: 2024-08-04 10:12
VLAI
EPSS
VEX
Title
DLL Hijacking in Google Earth Pro Windows installer
Summary
Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.
Severity
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
- DLL Hijacking
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.google.com/earth/answer/40901?hl=en | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:11.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Earth Pro",
"vendor": "Google",
"versions": [
{
"lessThan": "7.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel D\u00edez Tainta"
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-04T20:07:40.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
],
"solutions": [
{
"lang": "en",
"value": "Recommended to update to Google Earth Pro 7.3.3 at your earliest convenience."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL Hijacking in Google Earth Pro Windows installer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8895",
"STATE": "PUBLIC",
"TITLE": "DLL Hijacking in Google Earth Pro Windows installer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Earth Pro",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "7.3.3"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel D\u00edez Tainta"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.google.com/earth/answer/40901?hl=en",
"refsource": "MISC",
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
]
},
"solution": [
{
"lang": "en",
"value": "Recommended to update to Google Earth Pro 7.3.3 at your earliest convenience."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8895",
"datePublished": "2020-04-21T17:50:11.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:11.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8895 (GCVE-0-2020-8895)
Vulnerability from cvelistv5 – Published: 2020-04-21 17:50 – Updated: 2024-08-04 10:12
VLAI
EPSS
VEX
Title
DLL Hijacking in Google Earth Pro Windows installer
Summary
Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.
Severity
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
- DLL Hijacking
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.google.com/earth/answer/40901?hl=en | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:11.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Earth Pro",
"vendor": "Google",
"versions": [
{
"lessThan": "7.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel D\u00edez Tainta"
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-04T20:07:40.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
],
"solutions": [
{
"lang": "en",
"value": "Recommended to update to Google Earth Pro 7.3.3 at your earliest convenience."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL Hijacking in Google Earth Pro Windows installer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8895",
"STATE": "PUBLIC",
"TITLE": "DLL Hijacking in Google Earth Pro Windows installer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Earth Pro",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "7.3.3"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel D\u00edez Tainta"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.google.com/earth/answer/40901?hl=en",
"refsource": "MISC",
"url": "https://support.google.com/earth/answer/40901?hl=en"
}
]
},
"solution": [
{
"lang": "en",
"value": "Recommended to update to Google Earth Pro 7.3.3 at your earliest convenience."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8895",
"datePublished": "2020-04-21T17:50:11.000Z",
"dateReserved": "2020-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:12:11.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}