DLL Hijacking Vulnerability in Amazon Audible for Windows
CVE-2017-17069

7.8HIGH

Key Information:

Vendor

Amazon

Status
Audible
Vendor
CVE Published:
6 December 2017

What is CVE-2017-17069?

The vulnerability in Amazon Audible for Windows stems from the ActiveSetupN.exe component being able to execute arbitrary DLL code when launched from directories containing a malicious dwmapi.dll file. This condition allows attackers who gain access to the specified directory to exploit this flaw, potentially leading to unauthorized code execution on the affected system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://twitter.com/LionHeartRoxx/status/936338288314540032
x_refsource_MISC
https://packetstormsecurity.com/files/145202/Amazon-Audib...
x_refsource_MISC
http://www.securityfocus.com/bid/102044
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.