A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a Windows Temp folder. If a standard user places malicious DLLs in the C:\Windows\Temp\ folder, and then the uninstaller is run as SYSTEM, the DLLs will execute with elevated privileges.
Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, IPHLPAPI.DLL, WindowsCodecs.dll, RpcRtRemote.dll, CRYPTSP.dll, rasadhlp.dll, DNSAPI.dll, ntmarta.dll, netbios.dll, olepro32.dll, security.dll, winhttp.dll, WINSTA.dll) loaded by the MySwisscomAssistant_Setup.exe process.
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.
Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.
Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242.
A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.
Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access.
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Elevation of Privilege Vulnerability."
Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.
DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767.
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.
A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges. The vulnerability has been resolved in versions 11.20.202, 11.28.124, 11.32.65, 11.34.37, and 11.36.15.
An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.
SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,
A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release.
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329.
A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process.
Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.
Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.
Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.
An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory.
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version.
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.