CVE-2023-46814

{"id": "CVE-2023-46814", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-11-22T05:15:07.837", "references": [{"url": "https://www.videolan.org/security/sb-vlc3019.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM."}, {"lang": "es", "value": "Existe una vulnerabilidad de secuestro binario en el reproductor multimedia VideoLAN VLC anterior a 3.0.19 en Windows. El desinstalador intenta ejecutar c\u00f3digo con privilegios elevados desde una ubicaci\u00f3n de escritura est\u00e1ndar por parte del usuario. Los usuarios est\u00e1ndar pueden usar esto para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario como SYSTEM."}], "lastModified": "2023-11-29T18:54:35.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F663974-91B4-4FBC-A97C-8ED5CCFCD59C", "versionEndExcluding": "3.0.19"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}