Privilege Escalation

 

Summary 

Impact of Vulnerability Privilege Escalation
CVE Numbers  
Severity Rating Medium
CVSS v3 Base / Temporal Scores: Base: 7.8 , Temporal: 7.2
Recommendations Install or Update to latest BlueStacks Player
Affected Versions All Versions
Location of Updated Software http://www.bluestacks.com/download.html

 

Description

An unquoted path vulnerability was discovered in a common component of the product that allows unauthorized privilege escalation. Unquoted paths in the Windows registry could allow an attacker to execute malicious code. The attacker must be an authenticated user to exploit this flaw.

 

Remediation

Go to the Product Downloads site and download the product. Install the updated Bluestacks Player using the usual update path.

 

Workaround

None, Install the latest release

 

Acknowledgments

Discovered Yunus YILDIRIM <yunusyildirim@protonmail.com> 

 

CVSS Scoring 

Base Score 7.8
Attack Vector (AV) Local (L)
Attack Complexity (AC) High (H)
Privileges Required (PR) Low (L)
User Interaction (UI) None (N)
Scope (S) Changed (C)
Confidentiality (C) High (H)
Integrity (I) High (H)
Availability (A) High (H)
Temporal Score (Overall) 7.2
Exploitability (E) Functional (F)
Remediation Level (RL) Official Fix (O)
Report Confidence (RC) Confirmed (C)

 

https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

Was this article helpful?
0 out of 0 found this helpful