CVE-2019-12171

HIGH

Dropbox <71.4.108.0 - Memory Corruption

Title source: llm

Description

Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are not securely freed in the running process.

References (2)

[Exploit, Third Party Advisory] https://drive.google.com/open?id=1DCGurwRTu0HsUpTglVR0jgItZNqqDm_5

[Exploit, Third Party Advisory] https://drive.google.com/open?id=1msz6pb08crPC0VT7s_Z_KTsKm9CbLJEXNsmRwzoNLy8

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 30.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522 CWE-312

Status published

Affected Products (1)

dropbox/dropbox

Timeline

Published Jul 08, 2019

Tracked Since Feb 18, 2026