CVE-2024-6473

Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*

History

05 Sep 2024, 14:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*
References () https://yandex.com/bugbounty/i/hall-of-fame-browser/ - () https://yandex.com/bugbounty/i/hall-of-fame-browser/ - Vendor Advisory
Summary
  • (es) El navegador Yandex para escritorio anterior a la versión 24.7.1.380 tiene una vulnerabilidad de secuestro de DLL porque se utiliza una ruta de búsqueda que no es confiable.
First Time Yandex
Yandex yandex Browser

03 Sep 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-03 11:15

Updated : 2024-09-05 14:19


NVD link : CVE-2024-6473

Mitre link : CVE-2024-6473

CVE.ORG link : CVE-2024-6473


JSON object : View

Products Affected

yandex

  • yandex_browser
CWE
CWE-426

Untrusted Search Path