DLL Hijacking Vulnerability in Amazon Audible for Windows
CVE-2017-17069

7.8HIGH

Key Information:

Vendor

Amazon

Status
Audible
Vendor
CVE Published:
6 December 2017

What is CVE-2017-17069?

The vulnerability in Amazon Audible for Windows stems from the ActiveSetupN.exe component being able to execute arbitrary DLL code when launched from directories containing a malicious dwmapi.dll file. This condition allows attackers who gain access to the specified directory to exploit this flaw, potentially leading to unauthorized code execution on the affected system.

References

https://twitter.com/LionHeartRoxx/status/936338288314540032
x_refsource_MISC
https://packetstormsecurity.com/files/145202/Amazon-Audib...
x_refsource_MISC
http://www.securityfocus.com/bid/102044
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.