CVE-2018-1169

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521.

Published : 2018-03-02 01:29 Updated : 2019-10-09 23:38

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
Amazon Amazon Music 6.1.5.1213 cpe:/a:amazon:amazon_music:6.1.5.1213
  1. Amazon (1) Search CVE
    1. Amazon Music (1) Search CVE
      1. 6.1.5.1213

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2018-03-22 14:00
2018-03-07 02:29
2018-03-02 01:29

New CVE