{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10093", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-10-17T16:12:59.215Z", "datePublished": "2024-10-17T22:31:03.384Z", "dateUpdated": "2024-10-18T17:20:02.194Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-17T22:31:03.384Z"}, "title": "VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "Uncontrolled Search Path"}]}], "affected": [{"vendor": "VSO", "product": "ConvertXtoDvd", "versions": [{"version": "7.0.0.83", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in VSO ConvertXtoDvd 7.0.0.83 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil in der Bibliothek avcodec.dll der Datei ConvertXtoDvd.exe. Mittels dem Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "timeline": [{"time": "2024-10-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-10-17T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-10-17T18:18:37.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.280758", "name": "VDB-280758 | VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.280758", "name": "VDB-280758 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.420798", "name": "Submit #420798 | VSO Software ConvertXtoDVD 7.0.0.83 DLL Hijacking", "tags": ["third-party-advisory"]}]}, "adp": [{"affected": [{"vendor": "vso", "product": "convertxtodvd", "cpes": ["cpe:2.3:a:vso:convertxtodvd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0.0.83", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T17:13:38.644805Z", "id": "CVE-2024-10093", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T17:20:02.194Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10093", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-18T17:13:38.644805Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vso:convertxtodvd:*:*:*:*:*:*:*:*"], "vendor": "vso", "product": "convertxtodvd", "versions": [{"status": "affected", "version": "7.0.0.83"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T17:14:48.335Z"}}], "cna": {"title": "VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "affected": [{"vendor": "VSO", "product": "ConvertXtoDvd", "versions": [{"status": "affected", "version": "7.0.0.83"}]}], "timeline": [{"lang": "en", "time": "2024-10-17T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-10-17T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-10-17T18:18:37.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.280758", "name": "VDB-280758 | VSO ConvertXtoDvd ConvertXtoDvd.exe uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.280758", "name": "VDB-280758 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.420798", "name": "Submit #420798 | VSO Software ConvertXtoDVD 7.0.0.83 DLL Hijacking", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in VSO ConvertXtoDvd 7.0.0.83 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil in der Bibliothek avcodec.dll der Datei ConvertXtoDvd.exe. Mittels dem Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-17T22:31:03.384Z"}}}, "cveMetadata": {"cveId": "CVE-2024-10093", "state": "PUBLISHED", "dateUpdated": "2024-10-18T17:20:02.194Z", "dateReserved": "2024-10-17T16:12:59.215Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-10-17T22:31:03.384Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2024-10093", "lastModified": "2024-10-18T12:52:33.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-10-17T23:15:11.817", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.280758"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.280758"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.420798"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}