CVE-2023-46814 — Vulnetix

CVE-2023-46814 PUBLISHED CVSS 7.800000190734863 HIGH

A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.

EPSS 0.11% · 28.6th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.11%

28.6th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB Ability Camera Connect <=1.5.0.14

Exploit Intelligence

https://www.videolan.org/security/sb-vlc3019.html (circl)

Timeline

Nov 16, 2023 CVE Published
Nov 22, 2023 EPSS Score
Dec 22, 2023 EPSS Score
Jan 21, 2024 EPSS Score
Feb 20, 2024 EPSS Score
Mar 21, 2024 EPSS Score
Apr 20, 2024 EPSS Score
May 20, 2024 EPSS Score
Jun 19, 2024 EPSS Score
Jul 19, 2024 EPSS Score
Aug 18, 2024 EPSS Score
Sep 17, 2024 EPSS Score

References

https://psirt.abb.com/csaf/2025/4hzm000603.json advisory
https://search.abb.com/library/Download.aspx?DocumentID=4HZM000603&LanguageCode=en&DocumentPartId=&Action=Launch advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-46814 advisory

Open in Interactive Console →