|Impact of Vulnerability||Allows users to execute arbitrary programs with SYSTEM
| CVSS v3 Base / Temporal
|Base: 8.8 , Temporal: 8.2|
|Recommendations||Install or Update to latest BlueStacks Player|
|Affected Versions||All Versions|
|Location of Updated Software||http://www.bluestacks.com/download.html|
A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App
Player installer creates a registry key with weak permissions that allows users to execute
arbitrary programs with SYSTEM privileges.
● CVE20164288: Allows users to execute arbitrary programs with SYSTEM permissions.
Go to the Product Downloads site and download the product.
Install the updated Bluestacks Player using the usual update path.
None, Install the latest release
Discovered by Marcin ‘Icewall’ Noga of Cisco Talos. TALOSCAN0124
|Attack Vector (AV)||Advanced (A)|
|Attack Complexity (AC)||Low (L)|
|Privileges Required (PR||None (N)|
|User Interaction (UI)||None (N)|
|Confidentiality (C)||Low (L)|
|Integrity (I)||Low (L)|
|Availability (A)||Low (L)|
|Temporal Score (Overall)||8.2|
|Exploitability (E)||Functional (F)|
|Remediation Level (RL)||Official Fix (O)|
|Report Confidence (RC)||Confirmed (C)|