Описание
A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2019.1 (включая)Версия до 2019.1 (включая)
Одно из
cpe:2.3:a:sony:catalyst_browse:*:*:*:*:*:*:*:*
cpe:2.3:a:sony:catalyst_production_suite:*:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00221
Низкий
7.8 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-427
Связанные уязвимости
github
около 3 лет назад
In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) and Catalyst Browse through 2019.1 (1.1.0.21), an unprivileged user can obtain admin privileges, and execute a program as admin, after DLL hijacking of a DLL that is loaded during setup (installation).
EPSS
Процентиль: 45%
0.00221
Низкий
7.8 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-427