CVE-2024-23746
https://notcve.org/view.php?id=CVE-2024-23746
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents). Miro Desktop 0.8.18 en macOS permite la inyección de código Electron. • https://github.com/louiselalanne/CVE-2024-23746 https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection https://miro.com/about https://www.electronjs.org/blog/statement-run-as-node-cves • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-0984 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0984
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. El demultiplexor MP4 (mp4.c) para el reproductor multimedia VLC versión 0.8.6d y anterior, tal y como es usado en Miro Player versión 1.1 y anteriores, permite a los atacantes remotos sobrescribir la memoria arbitraria y ejecutar código arbitrario por medio de un archivo MP4 malformado. • https://www.exploit-db.com/exploits/5498 http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html http://secunia.com/advisories/29122 http://secunia.com/advisories/29153 http://secunia.com/advisories/29284 http://secunia.com/advisories/29766 http://www.coresecurity.com/?action=item&id=2147 http://www.debian.org/security/2008/dsa-1543 http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml http://www.securityfocus.com/archive/1/488841/100/0/th • CWE-399: Resource Management Errors •