Details of VAR-201711-1238

ID

VAR-201711-1238

TITLE

DLL hijacking vulnerability in PC client of Hikvision fluorite studio

Trust: 0.6

sources: CNVD: CNVD-2017-30772

DESCRIPTION

Fluorite Studio is the supporting client software for the fluorite cloud video webcam. It is a PC client based on video applications. A DLL hijacking vulnerability exists in the PC client of Hikvision's fluorite studio, which can be exploited by a malicious DLL file to execute arbitrary code on the target system.

Trust: 0.6

sources: CNVD: CNVD-2017-30772

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-30772

AFFECTED PRODUCTS

vendor:

hikvision digital

model:

fluorite studio pc client

scope:

version:

2.4.0

Trust: 0.6

sources: CNVD: CNVD-2017-30772

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-30772
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-30772
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-30772

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-30772

Trust: 0.6

sources: CNVD: CNVD-2017-30772

SOURCES

db:

CNVD

id:

CNVD-2017-30772

LAST UPDATE DATE

2022-05-04T09:34:01.638000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-30772

date:

2017-10-31T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-30772

date:

2017-11-05T00:00:00