Vulnerability-Lookup

CVE-2018-1000006 (GCVE-0-2018-1000006)

Vulnerability from cvelistv5 – Published: 2018-01-24 23:00 – Updated: 2024-08-05 12:33

Summary

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

FKIE_CVE-2018-1000006

Vulnerability from fkie_nvd - Published: 2018-01-24 23:29 - Updated: 2024-11-21 03:39

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/102796	Third Party Advisory, VDB Entry
cve@mitre.org	https://electronjs.org/blog/protocol-handler-fix	Mitigation, Third Party Advisory
cve@mitre.org	https://github.com/electron/electron/releases/tag/v1.8.2-beta.4	Patch, Third Party Advisory
cve@mitre.org	https://medium.com/%40Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374
cve@mitre.org	https://www.exploit-db.com/exploits/43899/	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.exploit-db.com/exploits/44357/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102796	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://electronjs.org/blog/protocol-handler-fix	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/electron/electron/releases/tag/v1.8.2-beta.4	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://medium.com/%40Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/43899/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44357/

Impacted products

Vendor	Product	Version
atom	electron	1.8.2
atom	electron	1.8.2
atom	electron	1.8.2
microsoft	windows_10	-
microsoft	windows_7	-
microsoft	windows_server_2008	-
atom	electron	*
microsoft	windows_10	-
microsoft	windows_7	-
microsoft	windows_server_2008	-
atom	electron	*
microsoft	windows_10	-
microsoft	windows_7	-
microsoft	windows_server_2008	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atom:electron:1.8.2:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "BFA47121-C64D-47AE-9727-FCF8529CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atom:electron:1.8.2:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3F4BF920-51B2-4548-927E-32AA2BD11815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atom:electron:1.8.2:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "6958F8D3-DA8C-44E1-A2E4-3F4424412ECF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46AC66EC-6EE2-49F9-B027-B3CA544AA31B",
              "versionEndIncluding": "1.7.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32F6D68-2717-4A2D-8394-54DA47FA6495",
              "versionEndIncluding": "1.6.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16."
    },
    {
      "lang": "es",
      "value": "GitHub Electron en versiones 1.8.2-beta.3 y anteriores, 1.7.10 y anteriores y 1.6.15 y anteriores tiene una vulnerabilidad en el manipulador de protocolos, espec\u00edficamente en las apps Electron que se ejecutan en Windows 10, 7 o 2008 y que registren manipuladores personalizados de protocolos, que permite que se les pueda enga\u00f1ar para que ejecuten comandos arbitrarios si el usuario hace clic en una URL especialmente manipulada. Esto se ha solucionado en las versiones 1.8.2-beta.4, 1.7.11 y 1.6.16."
    }
  ],
  "id": "CVE-2018-1000006",
  "lastModified": "2024-11-21T03:39:24.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-24T23:29:00.497",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102796"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://electronjs.org/blog/protocol-handler-fix"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43899/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/44357/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://electronjs.org/blog/protocol-handler-fix"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43899/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/44357/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-W222-53C6-C86P

Vulnerability from github – Published: 2018-01-23 03:57 – Updated: 2021-06-10 19:55

Summary

Remote Code Execution in electron

Details

Affected versions of electron may be susceptible to a remote code execution flaw when certain conditions are met: 1. The electron application is running on Windows. 2. The electron application registers as the default handler for a protocol, such as nodeapp://.

This vulnerability is caused by a failure to sanitize additional arguments to chromium in the command line handler for Electron.

MacOS and Linux are not vulnerable.

Recommendation

Update electron to a version that is not vulnerable. If updating is not possible, the electron team has provided the following guidance:

If for some reason you are unable to upgrade your Electron version, you can append -- as the last argument when calling app.setAsDefaultProtocolClient, which prevents Chromium from parsing further options. The double dash -- signifies the end of command options, after which only positional parameters are accepted.

app.setAsDefaultProtocolClient(protocol, process.execPath, [
  '--your-switches-here',
  '--'
])

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.0"
            },
            {
              "fixed": "1.7.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.0"
            },
            {
              "fixed": "1.6.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.2-beta.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "electron"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8.0"
            },
            {
              "fixed": "1.8.2-beta.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1000006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:59:07Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of `electron` may be susceptible to a remote code execution flaw when certain conditions are met:\n1. The electron application is running on Windows.\n2. The electron application registers as the default handler for a protocol, such as `nodeapp://`.\n\nThis vulnerability is caused by a failure to sanitize additional arguments to chromium in the command line handler for Electron.\n\nMacOS and Linux are not vulnerable.\n\n\n## Recommendation\n\nUpdate electron to a version that is not vulnerable. If updating is not possible, the electron team has provided the following guidance:\n\n\nIf for some reason you are unable to upgrade your Electron version, you can append `--` as the last argument when calling `app.setAsDefaultProtocolClient`, which prevents Chromium from parsing further options. The double dash `--` signifies the end of command options, after which only positional parameters are accepted.\n```\napp.setAsDefaultProtocolClient(protocol, process.execPath, [\n  \u0027--your-switches-here\u0027,\n  \u0027--\u0027\n])\n```",
  "id": "GHSA-w222-53c6-c86p",
  "modified": "2021-06-10T19:55:43Z",
  "published": "2018-01-23T03:57:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000006"
    },
    {
      "type": "WEB",
      "url": "https://electronjs.org/blog/protocol-handler-fix"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-w222-53c6-c86p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43899"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44357"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/563"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102796"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Remote Code Execution in electron"
}

CNVD-2018-03218

Vulnerability from cnvd - Published: 2018-02-12

Title

GitHub Electron任意命令执行漏洞

Description

GitHub Electron是美国GitHub公司的一个应用程序开发框架。该框架支持使用JavaScript、HTML和CSS编写跨平台桌面应用程序。 GitHub Electron 1.8.2-beta.3及之前版本、1.7.10及之前版本和1.6.15及之前版本中的protocol handler存在安全漏洞。攻击者可借助特制的URL利用该漏洞执行任意命令。

Severity

高

Patch Name

GitHub Electron任意命令执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/electron/electron/releases/tag/v1.8.2-beta.4

Reference

http://blog.nsfocus.net/cve-2018-1000006/

Impacted products

Name
['github Electron <=1.8.2-beta.3', 'github Electron <=1.7.10', 'github Electron <=1.6.15']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102796"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1000006"
    }
  },
  "description": "GitHub Electron\u662f\u7f8e\u56fdGitHub\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u6846\u67b6\u3002\u8be5\u6846\u67b6\u652f\u6301\u4f7f\u7528JavaScript\u3001HTML\u548cCSS\u7f16\u5199\u8de8\u5e73\u53f0\u684c\u9762\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nGitHub Electron 1.8.2-beta.3\u53ca\u4e4b\u524d\u7248\u672c\u30011.7.10\u53ca\u4e4b\u524d\u7248\u672c\u548c1.6.15\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684protocol handler\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684URL\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "github",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/electron/electron/releases/tag/v1.8.2-beta.4",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-03218",
  "openTime": "2018-02-12",
  "patchDescription": "GitHub Electron\u662f\u7f8e\u56fdGitHub\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u6846\u67b6\u3002\u8be5\u6846\u67b6\u652f\u6301\u4f7f\u7528JavaScript\u3001HTML\u548cCSS\u7f16\u5199\u8de8\u5e73\u53f0\u684c\u9762\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nGitHub Electron 1.8.2-beta.3\u53ca\u4e4b\u524d\u7248\u672c\u30011.7.10\u53ca\u4e4b\u524d\u7248\u672c\u548c1.6.15\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684protocol handler\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684URL\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GitHub Electron\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "github Electron \u003c=1.8.2-beta.3",
      "github Electron \u003c=1.7.10",
      "github Electron \u003c=1.6.15"
    ]
  },
  "referenceLink": "http://blog.nsfocus.net/cve-2018-1000006/",
  "serverity": "\u9ad8",
  "submitTime": "2018-01-25",
  "title": "GitHub Electron\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

GSD-2018-1000006

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1000006

Aliases

CVE-2018-1000006

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1000006",
    "description": "GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.",
    "id": "GSD-2018-1000006",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-1000006"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1000006"
      ],
      "details": "GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.",
      "id": "GSD-2018-1000006",
      "modified": "2023-12-13T01:22:27.849305Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "DATE_ASSIGNED": "2018-01-19",
        "ID": "CVE-2018-1000006",
        "REQUESTER": "phillmv@github.com",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "43899",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/43899/"
          },
          {
            "name": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4",
            "refsource": "CONFIRM",
            "url": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4"
          },
          {
            "name": "https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374",
            "refsource": "MISC",
            "url": "https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374"
          },
          {
            "name": "https://electronjs.org/blog/protocol-handler-fix",
            "refsource": "CONFIRM",
            "url": "https://electronjs.org/blog/protocol-handler-fix"
          },
          {
            "name": "102796",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102796"
          },
          {
            "name": "44357",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/44357/"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "=1.8.2||\u003e1.6.15 \u003c=1.7.10",
          "affected_versions": "Version 1.8.2, all versions after 1.6.15 up to 1.7.10",
          "credit": "Zeke Sikelianos",
          "cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2018-04-01",
          "description": "GitHub Electron has a vulnerability in the protocol handler.",
          "fixed_versions": [
            "0.1.0",
            "1.7.11",
            "1.8.3"
          ],
          "identifier": "CVE-2018-1000006",
          "identifiers": [
            "CVE-2018-1000006"
          ],
          "not_impacted": "All versions before 1.8.2, all versions after 1.8.2, all versions up to 1.6.15, all versions after 1.7.10",
          "package_slug": "npm/electron",
          "pubdate": "2018-01-24",
          "solution": "Upgrade to versions 0.1.0, 1.7.11, 1.8.3 or above.",
          "title": "Remote Code Execution (Windows)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1000006",
            "http://www.securityfocus.com/bid/102796",
            "https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374",
            "https://www.exploit-db.com/exploits/43899/",
            "https://electronjs.org/blog/protocol-handler-fix"
          ],
          "uuid": "189da7cc-f023-4138-8f70-d9e8e8a2057e"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:atom:electron:1.8.2:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:atom:electron:1.8.2:beta3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:atom:electron:1.8.2:beta2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.7.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.6.15",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-1000006"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4"
            },
            {
              "name": "https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374"
            },
            {
              "name": "102796",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102796"
            },
            {
              "name": "43899",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/43899/"
            },
            {
              "name": "https://electronjs.org/blog/protocol-handler-fix",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://electronjs.org/blog/protocol-handler-fix"
            },
            {
              "name": "44357",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/44357/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-04-01T01:29Z",
      "publishedDate": "2018-01-24T23:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1000006 (GCVE-0-2018-1000006)

FKIE_CVE-2018-1000006

GHSA-W222-53C6-C86P

Recommendation

CNVD-2018-03218

GSD-2018-1000006

Tags

Sightings

Nomenclature