Plays.tv 1.27.5.0 CVE-2018-6547 Denial of Service

Authors:securifera             Risk:High
 
CVE:CVE-2018-6547             0day:Denial of Service  

0day-id:0DAY-6547              Date:2018-04-15

Description

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user.

IMPACT

Access Vector:                            REMOTE
Access Complexity:                   LOW
Authentication:                         NOT REQUIRED TO EXPLOIT
Impact Type:                              FILE CORRUPTION (DENIAL OF SERVICE)
Privilege Level:                          SYSTEM

 

 AFFECTED PRODUCTS

SOFTWARE FIXES

Please update to Plays.tv 1.27.7.0 to remedy the vulnerability

发表评论