← back
CVE-2020-8895

DLL Hijacking in Google Earth Pro Windows installer

CVSS 7.8 HIGHEPSS 0.2%CWE-427
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Apr 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Earth Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.google.com/earth/answer/40901?hl=en