CVE-2020-8895

HIGH

Google Earth Pro <7.3.3 - RCE

Title source: llm

Description

Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.

References (1)

[Vendor Advisory] https://support.google.com/earth/answer/40901?hl=en

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 5.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427 CWE-426

Status published

Affected Products (1)

google/earth < 7.3.3

Timeline

Published Apr 21, 2020

Tracked Since Feb 18, 2026