Binary Hijacking Vulnerability in VideoLAN VLC Media Player
CVE-2023-46814

7.8HIGH

Key Information:

Vendor: Videolan
Status: Vlc Media Player
Vendor: CVE Published:; 22 November 2023

Summary

A binary hijacking vulnerability found in VideoLAN VLC Media Player prior to version 3.0.19 for Windows allows standard users to execute arbitrary code with elevated SYSTEM privileges. This occurs due to the uninstaller executing code from a user-writable directory, creating a significant security risk. Users of affected versions should consider upgrading to the latest version to mitigate this risk.

References

https://www.videolan.org/security/sb-vlc3019.html

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Oct 27, 2023