Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/96476 | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/Feb/71 | Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/141366/Amazon-Kindle-DLL-Hijacking.html | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-03-15 08:59
Updated : 2017-03-24 07:07
NVD link : CVE-2017-6189
Mitre link : CVE-2017-6189
JSON object : View
CWE
CWE-426
Untrusted Search Path
Products Affected
amazon
- kindle_for_pc