Authors:securifera Risk：High CVE：CVE-2018-6547 0day:Denial of Service 0day-id:0DAY-6547 Date：2018-04-15
plays_service.exe in the plays.tv service before 188.8.131.52, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user.
Access Vector: REMOTE
Access Complexity: LOW
Authentication: NOT REQUIRED TO EXPLOIT
Impact Type: FILE CORRUPTION (DENIAL OF SERVICE)
Privilege Level: SYSTEM
Please update to Plays.tv 184.108.40.206 to remedy the vulnerability