CVE-2020-8895 Vulnerability Details

  /     /     /  

CVE-2020-8895 Metadata Quick Info

CVE Published: 21/04/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: Google | Vendor: Google | Product: Earth Pro
Status : PUBLISHED

---

CVE-2020-8895 Description

Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.

Metrics

CVSS Version: 3.1 | Base Score: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-427
CWE Name: CWE-427 Uncontrolled Search Path Element
Source: Google

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).