CVE-2024-50986
Published: 15 November 2024
Summary
CVE-2024-50986 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Clementine-Player Clementine. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001). The CVE ranks in the top 6.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
Clementine version 1.3.1 contains an untrusted search path vulnerability tracked as CVE-2024-50986 and assigned CWE-426. The flaw permits a local attacker to place a crafted DLL that the application loads at runtime, resulting in arbitrary code execution on the host system. The issue carries a CVSS 3.1 score of 7.3 reflecting local attack vector, low attack complexity, and high impact across confidentiality, integrity, and availability.
A local attacker with the ability to write files to a location searched by Clementine can exploit the weakness when a user launches the player. Successful exploitation grants the attacker the same privileges as the running process, enabling full control over the affected workstation without requiring network access or elevated privileges beyond standard user rights.
The EPSS score for this CVE stands at 0.1085 with no material increase observed since disclosure. Public references consist of the Clementine project repository, the project homepage, and a proof-of-concept repository, but no vendor advisory or patch information is included in the available data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-45131
Vulnerability details
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The DLL hijacking vulnerability enables arbitrary code execution by placing a malicious QUSEREX.DLL in a searched path (WindowsApps directory in PATH), mapping to DLL Search Order Hijacking (T1038), DLL Side-Loading (T1073, T1574.002), and Path Interception by PATH Environment Variable (T1574.007).
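A defensive check for the condition described above, added here as an example and not taken from the original page or the Clementine project: it lists PATH entries that sit inside the user's profile and reports whether a file named QUSEREX.DLL is present in any of them. The sample PATH, profile and file listing are constructed, and the helper names are hypothetical.

```python
import ntpath
import os

DLL_NAME = "QUSEREX.DLL"  # DLL name given on the page

def path_entries(path_value):
    """Split a Windows PATH value, dropping empty entries and quotes."""
    entries = (e.strip().strip('"') for e in path_value.split(";"))
    return [e for e in entries if e]

def under(directory, root):
    """Case-insensitive test that directory is root or lies below it."""
    d = ntpath.normcase(ntpath.normpath(directory))
    r = ntpath.normcase(ntpath.normpath(root))
    return d == r or d.startswith(r + "\\")

def audit(path_value, user_profile, list_dir=os.listdir):
    """Return (directory, dll_present) for PATH entries in the user profile.

    Assumption: anything under the profile is writable by that user
    without elevation, so it is where a planted DLL could sit.
    """
    findings = []
    for entry in path_entries(path_value):
        if not under(entry, user_profile):
            continue
        try:
            names = list_dir(entry)
        except OSError:  # missing or unreadable directory
            names = []
        findings.append((entry, any(n.upper() == DLL_NAME for n in names)))
    return findings

# Constructed sample data (not from the page).
SAMPLE_PROFILE = r"C:\Users\alice"
SAMPLE_APPS = r"C:\Users\alice\AppData\Local\Microsoft\WindowsApps"
SAMPLE_PATH = r"C:\Windows\system32;;" + '"' + SAMPLE_APPS + '"' + r";C:\Users\alice\bin"
SAMPLE_FILES = {SAMPLE_APPS: ["python.exe", "quserex.dll"]}

def sample_list_dir(directory):
    if directory not in SAMPLE_FILES:
        raise FileNotFoundError(directory)
    return SAMPLE_FILES[directory]

if __name__ == "__main__":
    env = os.environ
    for directory, present in audit(env.get("PATH", ""), env.get("USERPROFILE", "")):
        print("FOUND " + DLL_NAME if present else "writable", directory)
```

Run on a Windows host, it reads the live PATH and USERPROFILE; a reported hit is a prompt to inspect the file's origin and signature, not proof of compromise.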