ID

VAR-201803-2099


CVE

CVE-2018-6766


TITLE

Swisscom TVMediaHelper Data processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003559

DESCRIPTION

Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process. Swisscom TVMediaHelper contains a data processing vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SwisscomTVMediaHelper is a set-top box device from Swisscom, Switzerland. (Multiple files are involved, including: dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll)

Trust: 2.16

sources: NVD: CVE-2018-6766 // JVNDB: JVNDB-2018-003559 // CNVD: CNVD-2018-08004

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08004

AFFECTED PRODUCTS

vendor: swisscom, model: tvmediahelper, scope: eq, version: 1.1.0.50

Trust: 3.0

sources: CNVD: CNVD-2018-08004 // JVNDB: JVNDB-2018-003559 // CNNVD: CNNVD-201803-962 // NVD: CVE-2018-6766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6766
value: HIGH

Trust: 1.0

NVD: CVE-2018-6766
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-08004
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-962
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-6766
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08004
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-6766
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08004 // JVNDB: JVNDB-2018-003559 // CNNVD: CNNVD-201803-962 // NVD: CVE-2018-6766

PROBLEMTYPE DATA

problemtype: CWE-427

Trust: 1.0

problemtype: CWE-19

Trust: 0.8

sources: JVNDB: JVNDB-2018-003559 // NVD: CVE-2018-6766

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-962

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-962

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003559

PATCH

title: DLL Side-Loading (CVE-2018-6766)
url: https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-6766_tvmediahelper.txt

Trust: 0.8

sources: JVNDB: JVNDB-2018-003559

EXTERNAL IDS

db: NVD, id: CVE-2018-6766

Trust: 3.0

db: JVNDB, id: JVNDB-2018-003559

Trust: 0.8

db: CNVD, id: CNVD-2018-08004

Trust: 0.6

db: CNNVD, id: CNNVD-201803-962

Trust: 0.6

sources: CNVD: CNVD-2018-08004 // JVNDB: JVNDB-2018-003559 // CNNVD: CNNVD-201803-962 // NVD: CVE-2018-6766

REFERENCES

url: https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-6766_tvmediahelper.txt

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6766

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-6766

Trust: 0.8

sources: CNVD: CNVD-2018-08004 // JVNDB: JVNDB-2018-003559 // CNNVD: CNNVD-201803-962 // NVD: CVE-2018-6766

SOURCES

db: CNVD, id: CNVD-2018-08004
db: JVNDB, id: JVNDB-2018-003559
db: CNNVD, id: CNNVD-201803-962
db: NVD, id: CVE-2018-6766

LAST UPDATE DATE

2024-11-23T22:17:36.818000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-08004, date: 2018-04-20T00:00:00
db: JVNDB, id: JVNDB-2018-003559, date: 2018-05-28T00:00:00
db: CNNVD, id: CNNVD-201803-962, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-6766, date: 2024-11-21T04:11:08.690

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-08004, date: 2018-04-20T00:00:00
db: JVNDB, id: JVNDB-2018-003559, date: 2018-05-28T00:00:00
db: CNNVD, id: CNNVD-201803-962, date: 2018-03-28T00:00:00
db: NVD, id: CVE-2018-6766, date: 2018-03-27T17:29:00.447