Filtered by vendor Tencent Subscriptions
Filtered by product Gameloop Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-33879 1 Tencent 1 Gameloop 2024-08-04 8.1 High
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine.