Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2019-17665 7.8 HIGH EPSS 0.00

NSA Ghidra < 9.0.2 - Uncontrolled Search Path

NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.

CWE-427 Oct 16, 2019

CVE-2019-6333 6.7 MEDIUM EPSS 0.00

Touchpoint Analytics < 4.1.4.2827 - Uncontrolled Search Path

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.

CWE-427 Oct 11, 2019

CVE-2019-3745 7.3 HIGH EPSS 0.00

Dell Encryption < 10.4.0 - Uncontrolled Search Path

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.

CWE-427 Oct 07, 2019

CVE-2019-16407 7.3 HIGH EPSS 0.00

JetBrains ReSharper <2019.2 - DLL Hijacking

JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.

CWE-427 Oct 02, 2019

CVE-2019-3726 6.7 MEDIUM EPSS 0.00

Dell Update Package Framework < 3.8.3.67 - Uncontrolled Search Path

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers.

CWE-427 Sep 24, 2019

CVE-2019-8076 7.8 HIGH EPSS 0.07

Adobe Application Manager - Uncontrolled Search Path

Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

CWE-427 Sep 12, 2019

CVE-2019-11773 7.8 HIGH EPSS 0.00

Eclipse OMR <0.1 - Code Injection/Privilege Escalation

Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.

CWE-427 Sep 12, 2019

CVE-2019-4447 7.8 HIGH EPSS 0.00

IBM DB2 High Performance Unload <6.1 - Command Injection

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.

CWE-427 Aug 26, 2019

CVE-2019-7364 7.8 HIGH EPSS 0.00

Autodesk Various - Code Execution

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

CWE-427 Aug 23, 2019

CVE-2019-7362 7.8 HIGH EPSS 0.00

Autodesk Design Review <2019 - Code Injection

DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.

CWE-427 Aug 23, 2019

CVE-2019-14686 7.8 HIGH EPSS 0.00

Trend Micro Security <2019 - DLL Hijacking

A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.

CWE-427 Aug 21, 2019

CVE-2019-14687 7.8 HIGH EPSS 0.00

Trend Micro Password Manager 5.0 - DLL Hijacking

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684.

CWE-427 Aug 20, 2019

CVE-2019-14684 7.8 HIGH EPSS 0.00

Trend Micro Password Manager 5.0 - DLL Hijacking

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.

CWE-427 Aug 20, 2019

CVE-2019-5631 7.8 HIGH EPSS 0.00

Rapid7 Insightappsec < 2019.06.24 - Uncontrolled Search Path

The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product.

CWE-427 Aug 19, 2019

CVE-2019-8062 7.8 HIGH EPSS 0.02

Adobe After Effects < 16 - Uncontrolled Search Path

Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-427 Aug 14, 2019

CVE-2019-7961 7.8 HIGH EPSS 0.02

Adobe Prelude CC <8.1 - Code Injection

Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-427 Aug 14, 2019

CVE-2019-7931 7.8 HIGH EPSS 0.01

Adobe Premiere Pro CC <13.1.2 - RCE

Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-427 Aug 14, 2019

CVE-2019-7870 7.8 HIGH EPSS 0.08

Adobe Character Animator <=2.1 - RCE

Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-427 Aug 14, 2019

CVE-2019-4473 7.8 HIGH EPSS 0.00

IBM SDK - Code Injection

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.

CWE-427 Aug 05, 2019

CVE-2019-14242 6.7 MEDIUM EPSS 0.00

Bitdefender <6.6.8.115,23.0.24.120 - Code Injection

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges.

CWE-427 Jul 30, 2019

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps