CVE-2019-19364
HIGHSony Catalyst Production Suite and Catalyst Browse Suite <1.1.0.21 - DLL Hijacking Privilege Escalation
Title source: llmDescription
A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350
Scores
CVSS v3
7.8
EPSS
0.0047
EPSS Percentile
37.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (2)
sony/catalyst_browse
< 2019.1
sony/catalyst_production_suite
< 2019.1
Published
Dec 04, 2019
Tracked Since
Feb 18, 2026