CVE-2021-28927

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:libretro:retroarch:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

27 May 2022, 16:28

Type Values Removed Values Added
References (MISC) https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0 - (MISC) https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0 - Exploit, Third Party Advisory
CPE cpe:2.3:a:libretro:retroarch:1.9.0:*:*:*:*:*:*:* cpe:2.3:a:libretro:retroarch:*:*:*:*:*:*:*:*

16 Jun 2021, 19:15

Type Values Removed Values Added
References
  • (MISC) https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0 -

27 Apr 2021, 18:36

Type Values Removed Values Added
References (MISC) http://libretro.com - Vendor Advisory (MISC) http://libretro.com - Exploit, Vendor Advisory
References (MISC) http://retroarch.com - Product (MISC) http://retroarch.com - Product, Vendor Advisory
CPE cpe:2.3:a:libretro:retroarch:0.11:*:*:*:*:*:*:* cpe:2.3:a:libretro:retroarch:1.9.0:*:*:*:*:*:*:*

26 Apr 2021, 12:15

Type Values Removed Values Added
Summary The text-to-speech engine in libretro RetroArch for Windows 0.11 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names. The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.

14 Apr 2021, 17:35

Type Values Removed Values Added
References (MISC) https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c - (MISC) https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c - Patch, Third Party Advisory
References (MISC) http://libretro.com - (MISC) http://libretro.com - Vendor Advisory
References (MISC) http://retroarch.com - (MISC) http://retroarch.com - Product
CWE CWE-77
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 7.8
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:libretro:retroarch:0.11:*:*:*:*:*:*:*

07 Apr 2021, 15:38

Type Values Removed Values Added
New CVE

Information

Published : 2021-04-07 15:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-28927

Mitre link : CVE-2021-28927

CVE.ORG link : CVE-2021-28927


JSON object : View

Products Affected

microsoft

  • windows

libretro

  • retroarch
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')