VYPR
Unrated severityNVD Advisory· Published Aug 9, 2019· Updated Sep 16, 2024

NC Launcher 2 Arbitrary Command Injection Vulnerability

CVE-2019-12805

Description

NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user.

Affected products

2
  • Ncsoft/NC Launcher2llm-create2 versions
    <=2.4.1.691+ 1 more
    • (no CPE)range: <=2.4.1.691
    • (no CPE)range: 2.4.1.691 and earlier

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.