A DLL hijacking flaw in CactusViewer allows a malicious DLL to be loaded in place of a legitimate dependency. By dropping a crafted DLL with the same name as an expected library, an attacker can execute arbitrary code under the privileges of the application, enabling privilege escalation. This vulnerability can compromise confidentiality, integrity, and availability of the host system.

The affected product is the GitHub project Wassimulator CactusViewer, specifically release 2.3.0. No vendor or product name is provided in official CNA data, but the release is distributed as CactusViewer.exe on GitHub. Affected systems include any machines running the 2.3.0 Windows executable without proper security controls.

The vulnerability has an EPSS score of <1 % and is not listed in the CISA KEV catalog, yet the CVSS score of 7.8 indicates that arbitrary code execution is possible, classifying the flaw as high-risk. Exploitation requires the attacker to supply a malicious DLL into the application’s search path, typically by writing to a writable directory used by the program. The attack vector is inferred to be local or remote through file placement, and the condition is that the attack surface includes writable directories and there is no hardening of the DLL search order. Given the severity of Remote Code Execution, security professionals should treat this flaw as critical.