CVE-2020-8895Uncontrolled Search Path Element in Google Earth PRO

CWE-427Uncontrolled Search Path ElementCWE-426Untrusted Search Path3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google Earth PROGoogle Earth
Timeline
PublishedApr 21
Latest updateMay 24

Description

Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDgoogle/earth< 7.3.3
CVEListV5google/earth_prounspecified7.3.3

🔴Vulnerability Details

2
GHSA
GHSA-3p44-pgj6-cf97: A vulnerability in the windows installer of Google Earth Pro versions prior to 72022-05-24
CVEList
DLL Hijacking in Google Earth Pro Windows installer2020-04-21
CVE-2020-8895 — Uncontrolled Search Path Element | cvebase