Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1098 | 1 Deltaww | 1 Diaenergie | 2024-09-16 | 7.8 High |
| Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | ||||
| CVE-2021-21518 | 1 Dell | 3 Supportassist Client Promanage, Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-09-16 | 7.8 High |
| Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. | ||||
| CVE-2021-38469 | 1 Auvesy | 1 Versiondog | 2024-09-16 | 9.1 Critical |
| Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL. | ||||
| CVE-2021-35982 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-09-16 | 7.3 High |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. A local attacker with non-administrative privileges can plant a malicious DLL to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction. | ||||
| CVE-2020-6789 | 1 Bosch | 1 Monitor Wall | 2024-09-16 | 7.8 High |
| Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | ||||
| CVE-2018-12160 | 1 Intel | 1 Data Migration Software | 2024-09-16 | N/A |
| DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access. | ||||
| CVE-2018-3649 | 1 Intel | 18 Dual Band Wireless-ac 3160, Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168 and 15 more | 2024-09-16 | N/A |
| DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution. | ||||
| CVE-2020-6654 | 1 Eaton | 1 9000x Programming And Configuration Software | 2024-09-16 | 7.8 High |
| A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL. | ||||
| CVE-2019-3613 | 1 Mcafee | 1 Agent | 2024-09-16 | 5.9 Medium |
| DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder. | ||||
| CVE-2021-38416 | 1 Deltaww | 1 Dialink | 2024-09-16 | 7.8 High |
| Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed. | ||||
| CVE-2021-21007 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-09-16 | 7 High |
| Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-32168 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-09-16 | 7.8 High |
| Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. | ||||
| CVE-2022-28247 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-16 | 6.7 Medium |
| Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges. | ||||
| CVE-2021-38420 | 1 Deltaww | 1 Dialink | 2024-09-16 | 7.8 High |
| Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | ||||
| CVE-2020-24420 | 2 Adobe, Microsoft | 2 Photoshop, Windows | 2024-09-16 | 7 High |
| Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2017-6329 | 1 Symantec | 1 Vip Access For Desktop | 2024-09-16 | N/A |
| Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. | ||||
| CVE-2019-3726 | 1 Dell | 3 Client Platforms, Emc Servers, Update Package Framework | 2024-09-16 | 6.7 Medium |
| An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers. | ||||
| CVE-2017-11159 | 2 Microsoft, Synology | 2 Windows, Photo Station Uploader | 2024-09-16 | N/A |
| Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | ||||
| CVE-2020-9667 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-09-16 | 6.5 Medium |
| Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | ||||
| CVE-2018-13806 | 1 Siemens | 1 Td Keypad Designer | 2024-09-16 | N/A |
| A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||