Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 05 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Tue, 03 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Yandex
Yandex yandex Browser
CPEs cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*
Vendors & Products Yandex
Yandex yandex Browser
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 03 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
Description Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
Title DLL Hijacking in Yandex Browser
Weaknesses CWE-426
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: yandex

Published:

Updated: 2024-09-03T13:55:15.844Z

Reserved: 2024-07-03T10:56:50.777Z

Link: CVE-2024-6473

cve-icon Vulnrichment

Updated: 2024-09-03T13:54:44.755Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-03T11:15:15.800

Modified: 2024-09-05T14:19:45.153

Link: CVE-2024-6473

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.