BlueStacks’ IPC mechanism exposes security vulnerabilities that are exploitable via malicious web pages

Summary 

Impact of Vulnerability BlueStacks’ IPC mechanism exposes security vulnerabilities that are exploitable via malicious web pages
CVE Numbers CVE-2019-12936 
Severity Rating High
CVSS v3 Base / Temporal Scores: Base: 7.1
Recommendations Install or update to latest BlueStacks App Player
Affected Versions Windows: Version 4.80 and below
Fixed Version Windows: Version 4.90
Location of Updated Software http://www.bluestacks.com/download.html

 

Description

An attacker can use DNS Rebinding to gain access to the BlueStacks App Player IPC mechanism via a malicious web page. From there, various exposed IPC functions can be abused.

 

Remediation 

Windows

Download the product from http://www.bluestacks.com/download.html.

Install the updated Bluestacks App Player using the usual update path.

 

Workaround

  • Download the latest version of BlueStacks from website

 

Acknowledgments

Nick Cano <nickcano.com>

 

CVSS Scoring 

Base Score 7.1
Attack Vector (AV) Network(N)
Attack Complexity (AC) High (H)
Privileges Required (PR) Low (L)
User Interaction (UI) Required (R)
Scope (S) Unchanged(U)
Confidentiality (C) High (H)
Integrity (I) High (H)
Availability (A) High (H)

 

https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Was this article helpful?
5 out of 7 found this helpful