CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-6189

Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.7%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 4.4

References

http://packetstormsecurity.com/files/141366/Amazon-Kindle-DLL-Hijacking.html
http://seclists.org/fulldisclosure/2017/Feb/71
http://www.securityfocus.com/bid/96476
http://packetstormsecurity.com/files/141366/Amazon-Kindle-DLL-Hijacking.html
http://seclists.org/fulldisclosure/2017/Feb/71
http://www.securityfocus.com/bid/96476

Products affected by CVE-2017-6189

Amazon » Kindle For Pc » Version: 1.17.44183

cpe:2.3:a:amazon:kindle_for_pc:1.17.44183
Amazon » Kindle For Pc » Version: 1.3.0.30884

cpe:2.3:a:amazon:kindle_for_pc:1.3.0.30884

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-6189

Products

Pricing

Contact Us