CVE-2019-19364

HIGH

CatalystProductionSuite/CatalystBrowseSuite <1.1.0.21 - Privilege E...

Title source: llm

Description

A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges.

References (1)

[Exploit, Third Party Advisory] https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

sony/catalyst_browse < 2019.1

sony/catalyst_production_suite < 2019.1

Timeline

Published Dec 04, 2019

Tracked Since Feb 18, 2026