Search criteria
1 vulnerability by vso-software
CVE-2024-10093 (GCVE-0-2024-10093)
Vulnerability from cvelistv5 – Published: 2024-10-17 22:31 – Updated: 2024-10-18 17:20
VLAI?
Title
VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path
Summary
A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VSO | ConvertXtoDvd |
Affected:
7.0.0.83
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vso:convertxtodvd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "convertxtodvd",
"vendor": "vso",
"versions": [
{
"status": "affected",
"version": "7.0.0.83"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T17:13:38.644805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T17:20:02.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ConvertXtoDvd",
"vendor": "VSO",
"versions": [
{
"status": "affected",
"version": "7.0.0.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in VSO ConvertXtoDvd 7.0.0.83 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil in der Bibliothek avcodec.dll der Datei ConvertXtoDvd.exe. Mittels dem Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T22:31:03.384Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-280758 | VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.280758"
},
{
"name": "VDB-280758 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.280758"
},
{
"name": "Submit #420798 | VSO Software ConvertXtoDVD 7.0.0.83 DLL Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.420798"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-17T18:18:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10093",
"datePublished": "2024-10-17T22:31:03.384Z",
"dateReserved": "2024-10-17T16:12:59.215Z",
"dateUpdated": "2024-10-18T17:20:02.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}