VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, an over-permissioned CefSharp browser and cross-site scripting via overlay notification can be combined to achieve remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, the VRCX maintainers worked with the VRC team to block older versions of VRCX on the VRC API side. Users running an older version of VRCX must update their installation to continue using VRCX.
History
Fri, 09 Aug 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Vrcx-team, Vrcx-team vrcx | |
CPEs | cpe:2.3:a:vrcx-team:vrcx:*:*:*:*:*:*:*:* | |
Vendors & Products | Vrcx-team, Vrcx-team vrcx | |
Metrics | ssvc | |
Thu, 08 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC's API side. Users who use the older version of VRCX must update their installation to continue using VRCX. | |
Title | VR Overlay RCE | |
Weaknesses | CWE-269 CWE-79 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-08T16:51:07.016Z
Updated: 2024-08-09T18:46:59.693Z
Reserved: 2024-07-30T14:01:33.923Z
Link: CVE-2024-42366
Vulnrichment
Updated: 2024-08-09T18:46:54.894Z
NVD
Status: Analyzed
Published: 2024-08-08T17:15:19.590
Modified: 2024-08-29T14:04:30.733
Link: CVE-2024-42366
Redhat
No data.