VDB-240903 · CVE-2022-4956 · GCVE-100-240903

Caphyon Advanced Installer 19.7 WinSxS DLL Mmepe ikike pụrụ iche

Achọpụtara adịghị ike a kpọrọ Pátá na Caphyon Advanced Installer 19.7. A na-emetụta ọrụ a na-amaghị nke akụkụ WinSxS DLL Handler. Nchegharị na-ebute Mmepe ikike pụrụ iche. Nsogbu a e kwuru site na CWE dị ka CWE-427. Adịghị ike e bipụtara na 11/06/2022 dị ka Advaned Installer Local Privilege Escalation Vulnerability. A na-ekekọrịta ndụmọdụ a maka nbudata na heegong.github.io. A na-ere vulnerability a dị ka CVE-2022-4956. Mwakpo ahụ kwesịrị ịmalite site n'ebe ahụ. Nkọwa teknụzụ adịghị. Ọzọkwa, exploit dị. A kpọrọ exploit ahụ n'ìhè ọha na eze ma nwee ike iji ya. Ugbu a, ọnụahịa dị ugbu a maka exploit might be approx. USD $0-$5k n'oge a. A na-akọwa usoro mwakpo dị ka T1574 site n'aka oru MITRE ATT&CK. E kwupụtara ya dị ka Ẹ̀rí Èrò. Enwere exploit a maka nbudata na heegong.github.io. N’oge ọ bụ 0-day, a chere na ọnụahịa ya n’ahịa ndò dị ihe dị ka $0-$5k. Imeziwanye na nsụgharị 19.7.1 nwere ike idozi nsogbu a. Ụdị ọhụrụ dị njikere maka ibudata na advancedinstaller.com. A na-akwado ka e melite akụkụ a metụtara. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 Mgbanwe · 73 Ìpinnu Àkọsílẹ̀

pápá	E kere 29/09/2023 11:45 AM	Emelitere 1/2 22/10/2023 11:24 AM	Emelitere 2/2 22/10/2023 11:31 AM
software_vendor	Caphyon	Caphyon	Caphyon
software_name	Advanced Installer	Advanced Installer	Advanced Installer
software_version	19.7	19.7	19.7
software_component	WinSxS DLL Handler	WinSxS DLL Handler	WinSxS DLL Handler
vulnerability_cwe	CWE-427 (Mmepe ikike pụrụ iche)	CWE-427 (Mmepe ikike pụrụ iche)	CWE-427 (Mmepe ikike pụrụ iche)
vulnerability_risk	2	2	2
cvss3_vuldb_av	L	L	L
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_date	1654898400 (11/06/2022)	1654898400 (11/06/2022)	1654898400 (11/06/2022)
advisory_identifier	Advaned Installer Local Privilege Escalation Vulnerability	Advaned Installer Local Privilege Escalation Vulnerability	Advaned Installer Local Privilege Escalation Vulnerability
advisory_url	https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/	https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/	https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/	https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/	https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/
countermeasure_name	ìgbélárugẹ	ìgbélárugẹ	ìgbélárugẹ
upgrade_version	19.7.1	19.7.1	19.7.1
countermeasure_upgrade_url	https://www.advancedinstaller.com/release-19.7.1.html#bugfixes	https://www.advancedinstaller.com/release-19.7.1.html#bugfixes	https://www.advancedinstaller.com/release-19.7.1.html#bugfixes
source_cve	CVE-2022-4956	CVE-2022-4956	CVE-2022-4956
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_av	L	L	L
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_au	S	S	S
cvss2_vuldb_basescore	6.8	6.8	6.8
cvss2_vuldb_tempscore	5.3	5.3	5.3
cvss3_vuldb_basescore	7.8	7.8	7.8
cvss3_vuldb_tempscore	7.0	7.0	7.0
cvss3_meta_basescore	7.8	7.8	7.8
cvss3_meta_tempscore	7.0	7.0	7.5
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1695938400 (29/09/2023)	1695938400 (29/09/2023)
cve_nvd_summary		A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.	A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.
cvss3_nvd_av			L
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			L
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			C
cvss2_nvd_ii			C
cvss2_nvd_ai			C
cvss3_cna_av			L
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			H
cvss3_cna_i			H
cvss3_cna_a			H
cve_cna			VulDB
cvss2_nvd_basescore			6.8
cvss3_nvd_basescore			7.8
cvss3_cna_basescore			7.8

◂ Ṣaaju Akopọ Tó kàn ▸

Do you need the next level of professionalism?

Upgrade your account now!