mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
1.0 KiB
1.0 KiB
CVE-2018-6546
Description
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user.
POC
Reference
- https://github.com/securifera/CVE-2018-6546-Exploit/
- https://www.exploit-db.com/exploits/44476/
- https://www.securifera.com/advisories/CVE-2018-6546/