| |
Vulnerability CVE-2016-1000276
Published: 2019-02-04
| Description: |
Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such DLL on the system directory. This behavior results in an exploitable DLL Hijack vulnerability, even if the SafeDllSerchMode flag is enabled. |
Type:
CWE-426 (Untrusted Search Path)
CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6/10 |
6.4/10 |
6.8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://forum.audacityteam.org/viewtopic.php?f=46&t=92698
https://lists.openwall.net/full-disclosure/2017/01/04/3
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
