Описание
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.
Ссылки
- ExploitVendor Advisory
- ProductVendor Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitVendor Advisory
- ProductVendor Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 pass ...
The text-to-speech engine in libretro RetroArch for Windows 0.11 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.
EPSS
7.8 High
CVSS3
4.6 Medium
CVSS2