vendor:
Google Earth
by:
Gjoko 'LiquidWorm' Krstic
7,2
CVSS
HIGH
DLL Hijacking
427
CWE
Product Name: Google Earth
Affected Version From: 5.1.3535.3218
Affected Version To: 5.1.3535.3218
Patch Exists: NO
Related CWE: N/A
CPE: a:google:google_earth
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows XP Professional SP3 (EN)
2010
Google Earth v5.1.3535.3218 (quserex.dll) DLL Hijacking Exploit
Google Earth suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .kmz thru quserex.dll and wintab32.dll libraries.
Mitigation:
Ensure that the application is running with the least privileges necessary and that all files are stored in a secure location.
