Summary
| Impact of Vulnerability | Privilege Escalation |
| CVE Numbers | |
| Severity Rating | Medium |
| CVSS v3 Base / Temporal Scores: | Base: 7.8 , Temporal: 7.2 |
| Recommendations | Install or Update to latest BlueStacks Player |
| Affected Versions | All Versions |
| Location of Updated Software | http://www.bluestacks.com/download.html |
Description
An unquoted path vulnerability was discovered in a common component of the product that allows unauthorized privilege escalation. Unquoted paths in the Windows registry could allow an attacker to execute malicious code. The attacker must be an authenticated user to exploit this flaw.
Remediation
Go to the Product Downloads site and download the product. Install the updated Bluestacks Player using the usual update path.
Workaround
None, Install the latest release
Acknowledgments
Discovered Yunus YILDIRIM <yunusyildirim@protonmail.com>
CVSS Scoring
| Base Score | 7.8 |
| Attack Vector (AV) | Local (L) |
| Attack Complexity (AC) | High (H) |
| Privileges Required (PR) | Low (L) |
| User Interaction (UI) | None (N) |
| Scope (S) | Changed (C) |
| Confidentiality (C) | High (H) |
| Integrity (I) | High (H) |
| Availability (A) | High (H) |
| Temporal Score (Overall) | 7.2 |
| Exploitability (E) | Functional (F) |
| Remediation Level (RL) | Official Fix (O) |
| Report Confidence (RC) | Confirmed (C) |
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C