Untrusted Search Path Vulnerability in NetEase CloudMusic for Windows
CVE-2023-47454

7.8HIGH

Key Information:

Vendor: Netease
Status: Cloudmusic
Vendor: CVE Published:; 30 November 2023

What is CVE-2023-47454?

The vulnerability in NetEase CloudMusic 2.10.4 for Windows arises from the application improperly handling the search path of dynamic link libraries. This misconfiguration allows local users to escalate their privileges by exploiting the urlmon.dll file located in the current working directory. By manipulating this component, an attacker can execute arbitrary code with elevated rights, posing significant risks to user data and system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/xieqiang11/poc-3/tree/main

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Nov 6, 2023

JSON

Netease

What is CVE-2023-47454?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.