In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.
References
Link | Resource |
---|---|
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes | Vendor Advisory |
https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-22T01:54:48
Updated: 2021-09-30T01:27:18
Reserved: 2021-08-04T00:00:00
Link: CVE-2021-38112
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-22T02:15:09.647
Modified: 2021-09-30T16:34:12.210
Link: CVE-2021-38112
JSON object: View
Redhat Information
No data.
CWE