CVE: CVE-2008-3324

Export to Word

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

S9 – Sabotage of System/App

EPSS

Score: 0.00409
Percentile: 0.60398

CVSS Scoring

CVSS v3.1 Score: 8.1

Severity: HIGH

Mapped CWE(s)

CWE-494 : Download of Code Without Integrity Check

All CAPEC(s)

CAPEC-184: Software Integrity Attack
CAPEC-185: Malicious Software Download
CAPEC-186: Malicious Software Update
CAPEC-187: Malicious Automated Software Update via Redirection
CAPEC-533: Malicious Manual Software Update
CAPEC-538: Open-Source Library Manipulation
CAPEC-657: Malicious Automated Software Update via Spoofing
CAPEC-662: Adversary in the Browser (AiTB)
CAPEC-691: Spoof Open-Source Software Metadata
CAPEC-692: Spoof Version Control System Commit Metadata
CAPEC-693: StarJacking
CAPEC-695: Repo Jacking

CAPEC(s) with Mapped TTPs

CAPEC-186: Malicious Software Update
Mapped TTPs:
- T1195.002 : Compromise Software Supply Chain
CAPEC-187: Malicious Automated Software Update via Redirection
Mapped TTPs:
- T1072 : Software Deployment Tools
CAPEC-538: Open-Source Library Manipulation
Mapped TTPs:
- T1195.001 : Compromise Software Dependencies and Development Tools
CAPEC-657: Malicious Automated Software Update via Spoofing
Mapped TTPs:
- T1072 : Software Deployment Tools
CAPEC-662: Adversary in the Browser (AiTB)
Mapped TTPs:
- T1185 : Browser Session Hijacking
CAPEC-691: Spoof Open-Source Software Metadata
Mapped TTPs:
- T1195.001 : Compromise Software Dependencies and Development Tools
- T1195.002 : Compromise Software Supply Chain
CAPEC-695: Repo Jacking
Mapped TTPs:
- T1195.001 : Compromise Software Dependencies and Development Tools

Mapped ATT&CK TTPs

T1195.002 : Compromise Software Supply Chain
Kill Chain: initial-access
T1072 : Software Deployment Tools
Kill Chain: execution
T1195.001 : Compromise Software Dependencies and Development Tools
Kill Chain: initial-access
T1072 : Software Deployment Tools
Kill Chain: execution
T1185 : Browser Session Hijacking
Kill Chain: collection
T1195.001 : Compromise Software Dependencies and Development Tools
Kill Chain: initial-access
T1195.002 : Compromise Software Supply Chain
Kill Chain: initial-access
T1195.001 : Compromise Software Dependencies and Development Tools
Kill Chain: initial-access

Malware

APTs Threat Group Associations

Campaigns

SolarWinds Compromise
C0018

Affected Products

cpe:2.3:a:party_gaming:party_poker_client:121-120:*:*:*:*:*:*:*

← Back to Home