CVE-2018-9859 in Whaleinfo

Summary

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

04/09/2018

Disclosure

06/15/2018

Moderation

VulDB entry created

Entries

VDB-119622 (1)

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

7.9

EPSS

0.00478

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-9859
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-9859
CVE Details	https://www.cvedetails.com/cve/CVE-2018-9859/

◂ Previous Overview Next ▸