Vulnerability-Lookup

CNVD-2024-41703

Vulnerability from cnvd - Published: 2024-10-25

Title

VSO ConvertXtoDvd代码问题漏洞

Description

VSO ConvertXtoDvd是VSO公司的一款可以将视频转换为任何格式的软件。 VSO ConvertXtoDvd 7.0.0.83版本存在代码问题漏洞，该漏洞源于文件ConvertXtoDvd.exe的函数avcodec.dll会导致不受控制的搜索路径。目前没有详细漏洞细节提供。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.vso-software.fr/products/convert_x_to_dvd/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-10093

Impacted products

Name
VSO ConvertXtoDvd 7.0.0.83

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-10093"
    }
  },
  "description": "VSO ConvertXtoDvd\u662fVSO\u516c\u53f8\u7684\u4e00\u6b3e\u53ef\u4ee5\u5c06\u89c6\u9891\u8f6c\u6362\u4e3a\u4efb\u4f55\u683c\u5f0f\u7684\u8f6f\u4ef6\u3002\n\nVSO ConvertXtoDvd 7.0.0.83\u7248\u672c\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6ConvertXtoDvd.exe\u7684\u51fd\u6570avcodec.dll\u4f1a\u5bfc\u81f4\u4e0d\u53d7\u63a7\u5236\u7684\u641c\u7d22\u8def\u5f84\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.vso-software.fr/products/convert_x_to_dvd/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-41703",
  "openTime": "2024-10-25",
  "products": {
    "product": "VSO ConvertXtoDvd 7.0.0.83"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-10093",
  "serverity": "\u4e2d",
  "submitTime": "2024-10-21",
  "title": "VSO ConvertXtoDvd\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2024-10093 (GCVE-0-2024-10093)

Vulnerability from cvelistv5 – Published: 2024-10-17 22:31 – Updated: 2024-10-18 17:20

Title

VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path

Summary

A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-427 - Uncontrolled Search Path

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.280758	vdb-entry
	https://vuldb.com/?ctiid.280758	signaturepermissions-required
	https://vuldb.com/?submit.420798	third-party-advisory

Impacted products

	Vendor	Product	Version
	VSO	ConvertXtoDvd	Affected: 7.0.0.83

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:vso:convertxtodvd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "convertxtodvd",
            "vendor": "vso",
            "versions": [
              {
                "status": "affected",
                "version": "7.0.0.83"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T17:13:38.644805Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T17:20:02.194Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ConvertXtoDvd",
          "vendor": "VSO",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0.83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in VSO ConvertXtoDvd 7.0.0.83 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil in der Bibliothek avcodec.dll der Datei ConvertXtoDvd.exe. Mittels dem Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.8,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-17T22:31:03.384Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-280758 | VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.280758"
        },
        {
          "name": "VDB-280758 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.280758"
        },
        {
          "name": "Submit #420798 | VSO Software ConvertXtoDVD 7.0.0.83 DLL Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.420798"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-17T18:18:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10093",
    "datePublished": "2024-10-17T22:31:03.384Z",
    "dateReserved": "2024-10-17T16:12:59.215Z",
    "dateUpdated": "2024-10-18T17:20:02.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-41703

CVE-2024-10093 (GCVE-0-2024-10093)

Tags

Sightings

Nomenclature