Vulnerability Description
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flightsimlabs | A320-X | 2.0.1.231 |
Related Weaknesses (CWE)
References
- https://forums.flightsimlabs.com/index.php?/topic/16210-malware-in-installer/Issue Tracking
- https://medium.com/%40lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4
- https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_tIssue TrackingPress/Media Coverage
- https://forums.flightsimlabs.com/index.php?/topic/16210-malware-in-installer/Issue Tracking
- https://medium.com/%40lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4
- https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_tIssue TrackingPress/Media Coverage
FAQ
What is CVE-2018-7259?
CVE-2018-7259 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been ent...
How severe is CVE-2018-7259?
CVE-2018-7259 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7259?
Check the references section above for vendor advisories and patch information. Affected products include: Flightsimlabs A320-X.