Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.
A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.
VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.
NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.
DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.
A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release.
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.
Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.
An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later QVPN Windows 2.0.0.1310 and later
D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21426.
DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.
An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.
Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account.
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.
Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.