CVE & Exploit Intelligence Database

CVE-2019-19235 7.0 HIGH EPSS 0.00

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.

CWE-427 Dec 18, 2019

CVE-2019-18670 7.8 HIGH EPSS 0.00

In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll.

CWE-427 Dec 17, 2019

CVE-2019-3667 6.6 MEDIUM EPSS 0.00

DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.

CWE-427 Dec 11, 2019

CVE-2019-18575 7.1 HIGH EPSS 0.00

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

CWE-427 Dec 06, 2019

CVE-2019-19364 7.8 HIGH EPSS 0.00

A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges.

CWE-427 Dec 04, 2019

CVE-2019-15638 7.8 HIGH EPSS 0.00

COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.

CWE-427 Dec 04, 2019

CVE-2019-3750 5.5 MEDIUM EPSS 0.00

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.

CWE-427 Dec 03, 2019

CVE-2019-3749 5.5 MEDIUM EPSS 0.00

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.

CWE-427 Dec 03, 2019

CVE-2019-7365 7.8 HIGH EPSS 0.00

DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.

CWE-427 Dec 03, 2019

CVE-2019-16001 5.3 MEDIUM EPSS 0.00

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account.

CWE-427 Nov 26, 2019

CVE-2019-18215 7.8 HIGH EPSS 0.00

An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms.

CWE-427 Nov 18, 2019

CVE-2019-12758 6.7 MEDIUM EPSS 0.00

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.

CWE-427 Nov 15, 2019

CVE-2019-7962 7.8 HIGH EPSS 0.00

Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

CWE-427 Nov 14, 2019

CVE-2019-7960 7.8 HIGH EPSS 0.00

Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

CWE-427 Nov 14, 2019

CVE-2019-5695 6.5 MEDIUM EPSS 0.00

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.

CWE-427 Nov 12, 2019

CVE-2019-5701 7.8 HIGH 1 Writeup EPSS 0.00

NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.

CWE-427 Nov 09, 2019

CVE-2019-5694 6.5 MEDIUM EPSS 0.00

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.

CWE-427 Nov 09, 2019

CVE-2019-6692 7.8 HIGH EPSS 0.00

A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.

CWE-427 Oct 24, 2019

CVE-2019-17093 7.8 HIGH EPSS 0.00

An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.

CWE-427 Oct 23, 2019

CVE-2019-9491 7.8 HIGH 1 PoC Analysis EPSS 0.22

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.

CWE-427 Oct 21, 2019