CVE-2023-47454

HIGH

Netease Cloudmusic - Uncontrolled Search Path

Title source: rule

Description

An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory.

References (1)

[Exploit] https://github.com/xieqiang11/poc-3/tree/main

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 21.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

netease/cloudmusic

Timeline

Published Nov 30, 2023

Tracked Since Feb 18, 2026