CVE-2020-8895 : What You Need to Know
Discover the DLL Hijacking vulnerability in Google Earth Pro Windows installer prior to 7.3.3. Learn about the impact, affected systems, and mitigation steps for CVE-2020-8895.
Google Earth Pro Windows installer is affected by a DLL Hijacking vulnerability that allows attackers to execute remote code on systems prior to version 7.3.3.
Understanding CVE-2020-8895
Google Earth Pro for Windows is susceptible to a DLL Hijacking vulnerability, enabling unauthenticated remote code execution.
What is CVE-2020-8895?
This CVE identifies a DLL Hijacking vulnerability in the Google Earth Pro Windows installer versions before 7.3.3. Attackers can exploit this flaw to execute malicious code remotely.
The Impact of CVE-2020-8895
The vulnerability has a CVSS base score of 7.8 (High severity) with significant impacts on confidentiality, integrity, and availability. It requires no privileges and user interaction is necessary for exploitation.
Technical Details of CVE-2020-8895
Google Earth Pro's Windows installer vulnerability is detailed below:
Vulnerability Description
The untrusted search path vulnerability in Google Earth Pro's Windows installer allows attackers to insert malicious local files for remote code execution.
Affected Systems and Versions
- Product: Google Earth Pro
- Vendor: Google
- Platforms: Windows
- Versions Affected: Prior to 7.3.3
Exploitation Mechanism
Attackers can exploit this vulnerability by manipulating the search path to load malicious DLL files during the installation process.
Mitigation and Prevention
To address CVE-2020-8895, consider the following steps:
Immediate Steps to Take
- Update Google Earth Pro to version 7.3.3 as soon as possible.
Long-Term Security Practices
- Regularly update software to patch known vulnerabilities.
- Implement secure coding practices to prevent DLL hijacking and other similar attacks.
Patching and Updates
- Google recommends updating to version 7.3.3 to mitigate the DLL Hijacking vulnerability.