DLL Preloading Vulnerability in AnyDesk for Windows 7 SP1
CVE-2018-13102

7.8HIGH

Key Information:

Vendor: Anydesk
Status: Anydesk
Vendor: CVE Published:; 3 July 2018

What is CVE-2018-13102?

AnyDesk versions prior to 4.1.3 on Windows 7 SP1 are susceptible to a DLL preloading vulnerability, which can be exploited to execute arbitrary code. This vulnerability arises due to the improper handling of dynamic link libraries when loading application components. Attackers can leverage this flaw to potentially gain unauthorized access to the system, making it imperative for users to upgrade to the latest version for enhanced security.

References

https://download.anydesk.com/changelog.txt

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2018
Vulnerability Reserved
Jul 3, 2018

Anydesk

What is CVE-2018-13102?

References

CVSS V3.1

Timeline