Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-6473
CVE-2024-6473:
Yandex Browser vulnerability analysis and mitigation
Overview
Yandex Browser for Desktop before version 24.7.1.380 contains a DLL Hijacking Vulnerability due to the use of an untrusted search path. This vulnerability was discovered by Doctor Web, Ltd. and was assigned CVE-2024-6473 (Vendor Advisory).
Technical details
The vulnerability has been assessed with multiple CVSS scores. According to the vendor Yandex N.V., it received a CVSS v4.0 Base Score of 8.4 (HIGH) with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H. The NVD assessment provided a CVSS v3.1 Base Score of 7.8 (HIGH) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-426 (Untrusted Search Path) (NVD).
Impact
The DLL Hijacking vulnerability could potentially lead to high impacts on system confidentiality, system integrity, and system availability as indicated by the CVSS scores. The local attack vector suggests that an attacker would need local access to exploit this vulnerability (NVD).
Mitigation and workarounds
Users should upgrade to Yandex Browser for Desktop version 24.7.1.380 or later to address this vulnerability (Vendor Advisory).
Additional resources
Source: This report was generated using AI
Related Yandex Browser vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management