Advisories

Public Vulnerabilities & CVEs found by YLabs. All releases are governed by our Vulnerability Disclosure Policy.

CVE-2021-40826: Clementine Music Player v. <= v.1.3.1 - User Mode Write Access Violation

Severity: Medium

Clementine Music Player v. <= 1.3.1 is affected by a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207.

The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine.
Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.

eip=007aa207 esp=561af1f8 ebp=561af280 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
clementine+0x3aa207:
007aa207 894604          mov     dword ptr [esi+4],eax ds:002b:00000004=????????

FAILURE_BUCKET_ID:  NULL_CLASS_PTR_WRITE_AVRF_c0000005_clementine.exe!Unknown

Basic Block:
    007aa207 mov dword ptr [esi+4],eax
       Tainted Input operands: 'eax','esi'
    007aa20a mov eax,dword ptr [ebp+0ch]
    007aa20d mov dword ptr [esi+8],eax
    007aa210 lock inc dword ptr [qtcore4!zn9qlistdata11shared_nulle (6e200074)]
    007aa217 setne al
    007aa21a mov eax,dword ptr [esi]
    007aa21c mov dword ptr [esi],offset qtcore4!zn9qlistdata11shared_nulle (6e200074)
    007aa222 lock dec dword ptr [eax]
    007aa225 setne dl
    007aa228 test dl,dl
    007aa22a jne clementine+0x3aa23b (007aa23b)

Exception Hash (Major/Minor): 0xf535c3f1.0x4c51c076

 Hash Usage : Stack Trace:
Major+Minor : clementine+0x3aa207
Major+Minor : clementine+0x2555e4
Major+Minor : libgobject_2_0_0!g_cclosure_marshal_VOID__OBJECTv+0x46
Instruction Address: 0x00000000007aa207

Description: User Mode Write AV near NULL
Short Description: WriteAVNearNull
Exploitability Classification: UNKNOWN
Recommended Bug Title: User Mode Write AV near NULL starting at clementine+0x00000000003aa207 (Hash=0xf535c3f1.0x4c51c076)

CVE-2021-41285: Crucial Ballistix MOD Utility v. <= 2.0.2.5 - Multiple Privilege Escalation (LPE/EoP)

Severity: High

Crucial by Micron Technology, Inc Ballistix MOD Utility v.<= 2.0.2.5 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the MODAPI.sys driver component.

All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:

Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a virtual address user-space.
Read/write Model-Specific Registers (MSRs) via the __readmsr/__writemsr functions calls.
Read/write 1/2/4 bytes to or from an IO port.

Attackers could exploit these issues to achieve local privilege escalation from low-privileged users to NT AUTHORITY\SYSTEM.

CVE‑2021‑1079: NVIDIA GeForce Experience v.<= 3.21 - Arbitrary File Write

Severity: High

NVIDIA GeForce Experience v.<= 3.21 is affected by an Arbitrary File Write vulnerability in GameStream plugins where log files are created using NT/System level permissions, which lead to Elevation of Privileges (EoP) to Code Execution.

CVE-2021-26237: FastStone Image Viewer v.<= 7.5 User Mode Write Access Violation

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation at 0x00402d7d, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVE-2021-26236: FastStone Image Viewer v.<= 7.5 Stack-based Buffer Overflow

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality ('BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.

CVE-2021-26235: FastStone Image Viewer v.<= 7.5 User Mode Write Access Violation

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation near NULL at 0x005bdfc9, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVE-2021-26234: FastStone Image Viewer v.<= 7.5 User Mode Write Access Violation

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVE-2021-26233: FastStone Image Viewer v.<= 7.5 User Mode Write Access Violation

Severity: High

FastStone Image Viewer v.<= 7.5 is affected by a user mode Write Access Violation near NULL at 0x005bdfcb, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.