CVE-2022-41156 HIGH

CVE-2022-41156: OndiskPlayer Remote Code Execution Vulnerability

Vendor Etms Co.,Ltd
Product OndiskPlayerAgent
Weakness CWE-345
Published November 25, 2022
Last update April 23, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code.

Key dates

02Disclosure timeline

November 25, 2022 CVE published
April 23, 2025 Record updated