Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary. Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. IBM X-Force ID: 236581.ĭLL hijacking vulnerability in Smart Switch PC prior to version 3_3 allows attacker to execute arbitrary code. ![]() By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.ĭWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Local privilege escalation due to DLL hijacking vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. ![]() The LG ID is LVE-HOT-220005.Įfs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location.Īn issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Įlevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.Īn issue was discovered in Acuant AcuFill SDK before 10.22.02.03. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. Local privilege escalation due to a DLL hijacking vulnerability. ![]() At the time of this disclosure, versions before 4.0 are classified as End of Life.Ī DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. ![]() NET DLL Hijacking Remote Code Execution VulnerabilityĪn Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. A successful attack depends on various preconditions beyond the attackers control. A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC.
0 Comments
Leave a Reply. |