This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521.

Published : 2018-03-02 01:29 Updated : 2019-10-09 23:38

CVSS Score More info
Score 6.8 / 10
Vendor Product Version URI
Amazon Amazon Music cpe:/a:amazon:amazon_music:
  1. Amazon (1) Search CVE
    1. Amazon Music (1) Search CVE


ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2018-03-22 14:00
2018-03-07 02:29
2018-03-02 01:29