1 results (0.003 seconds)
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33879
https://notcve.org/view.php?id=CVE-2021-33879
06 Jun 2021 — Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine. Tencent GameLoop v... • https://github.com/mmiszczyk/cve-2021-33879 • CWE-494: Download of Code Without Integrity Check •