CVE-2018-1169 - OpenCVE

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Amazon	Amazon Music

Configuration 1 [-]

cpe:2.3:a:amazon:amazon_music:6.1.5.1213:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/103215	Third Party Advisory VDB Entry
https://zerodayinitiative.com/advisories/ZDI-18-215	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: zdi

Published: 2018-03-02T01:00:00

Updated: 2018-03-06T10:57:01

Reserved: 2017-12-05T00:00:00

Link: CVE-2018-1169

JSON object: View

NVD Information

Status : Modified

Published: 2018-03-02T01:29:00.270

Modified: 2019-10-09T23:38:13.083

Link: CVE-2018-1169

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Amazon Music Player", "vendor": "Amazon", "versions": [{"status": "affected", "version": "6.1.5.1213"}]}], "datePublic": "2018-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78-Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-03-06T10:57:01", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://zerodayinitiative.com/advisories/ZDI-18-215"}, {"name": "103215", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103215"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2018-1169", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Amazon Music Player", "version": {"version_data": [{"version_value": "6.1.5.1213"}]}}]}, "vendor_name": "Amazon"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78-Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://zerodayinitiative.com/advisories/ZDI-18-215", "refsource": "MISC", "url": "https://zerodayinitiative.com/advisories/ZDI-18-215"}, {"name": "103215", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103215"}]}}}}, "cveMetadata": {"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2018-1169", "datePublished": "2018-03-02T01:00:00", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2018-03-06T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amazon:amazon_music:6.1.5.1213:*:*:*:*:*:*:*", "matchCriteriaId": "72F1F7CE-4726-47C9-B526-093888CDBDFD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521."}, {"lang": "es", "value": "Esta vulnerabilidad permite que los atacantes remotos ejecuten c\u00f3digo arbitrario en instalaciones vulnerables de Amazon Music Player 6.1.5.1213. Se requiere de interacci\u00f3n del usuario para explotar esta vulnerabilidad en la que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. Este error en concreto existe en el procesamiento de manipuladores de URI. El problema deriva de la falta de validaci\u00f3n correcta de una cadena proporcionada por el usuario antes de emplearla para ejecutar una llamada del sistema. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del actual proceso. Anteriormente era ZDI-CAN-5521."}], "id": "CVE-2018-1169", "lastModified": "2019-10-09T23:38:13.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-02T01:29:00.270", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103215"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://zerodayinitiative.com/advisories/ZDI-18-215"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}