Untrusted Search Path Vulnerability in Media Go by Sony
CVE-2017-10891

7.8HIGH

Key Information:

Vendor: Sony Video & Sound Products Inc.
Status: Media Go
Vendor: CVE Published:; 1 December 2017

🔔 Create Sony Video & Sound Products Inc. Vulnerability Alert

What is CVE-2017-10891?

The untrusted search path vulnerability present in Media Go version 3.2.0.191 and earlier alerts users to the potential for privilege escalation. An attacker can exploit this flaw by placing a malicious DLL file in a directory that Media Go searches when requiring DLLs. If successful, this could allow the attacker to execute arbitrary code with elevated privileges on the system, leading to unauthorized access and potential system compromise.

Affected Version(s)

Media Go version 3.2.0.191 and earlier

References

https://jvn.jp/en/jp/JVN08517069/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2017
Vulnerability Reserved
Jul 4, 2017