← Volver a CVEs
CVE-2021-25263
HIGH7.8
Descripcion
Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado8/17/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
yandex:yandex_browser
Debilidades (CWE)
CWE-732
Referencias
https://yandex.com/bugbounty/i/hall-of-fame-browser/(browser-security@yandex-team.ru)
https://yandex.com/bugbounty/i/hall-of-fame-browser/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.