CVE-2022-47636

HIGH

OutSystems Service Studio 11 11.53.30 - Uncontrolled Search Path Element via .oml File Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-47636. PoCs published by shinnai.

AI-analyzed exploit summary: This is a writeup describing a DLL hijacking vulnerability in OutSystems Service Studio 11.53.30. The application loads specific DLLs from the same directory as an .oml file, allowing arbitrary code execution in the context of the current user.

Description

A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory: av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the currently logged-in user.

Exploits (1)

exploitdb WRITEUP
by shinnai · text · local · windows
https://www.exploit-db.com/exploits/51678


Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: OutSystems Service Studio 11.53.30 (Build 61739)
No auth needed
Prerequisites: Ability to place a malicious DLL in the same directory as a crafted .oml file · User interaction to open the .oml file
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/51678

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 31.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-427
Status published
Products (1)
outsystems/service_studio 11.53.30
Published Aug 10, 2023
Tracked Since Feb 18, 2026