Published: 13/04/2018 Updated: 21/05/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

plays_service.exe in the plays.tv service prior to 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
plays.tv plays.tv

######################################################################## # supportamdcom/en-us/download?cmpid=CCCOffline - # Click "Automatically Detect - Download Now" # Installation Automatically Installs "Raptr, Inc Plays TV Service" # # OR # # playstv/download # # Target OS: Windows( Any ) # Privilege: SYSTEM # Ty ...

CVE-2018-6546-Exploit

CVE-2018-6546 POC Exploit This is a proof of concept exploit for version 12750 and prior of the Playstv service(plays_serviceexe) More details about the vulnerabilities can be found at: wwwsecuriferacom/advisories/cve-2018-6546/ wwwsecuriferacom/blog/2018/04/15/amd-gaming-evolved-raptr-plays-tv-remote-file-execution/

CWE-287 https://www.securifera.com/advisories/CVE-2018-6546/https://github.com/securifera/CVE-2018-6546-Exploit/https://www.exploit-db.com/exploits/44476/https://nvd.nist.gov https://github.com/securifera/CVE-2018-6546-Exploit https://www.exploit-db.com/exploits/44476/

CVE-2018-6546

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect