CVE-2024-48605

HIGH

Helakuru - Uncontrolled Search Path

Title source: rule

Description

An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.

Exploits (2)

nomisec WORKING POC 4 stars

by surajhacx · poc

https://github.com/surajhacx/HelakuruV.1.1-DLLHijack

View Code ZIP pw:eip

exploitdb WORKING POC

by Ahsan Azad · textlocalwindows

https://www.exploit-db.com/exploits/51461

View Code ZIP pw:eip

References (4)

[Not Applicable] https://clement.notin.org/blog/2020/09/12/CVE-2020-7315-McAfee-Agent-DLL-injection/

[Exploit] https://github.com/surajhacx/HelakuruV.1.1-DLLHijack

[Not Applicable] https://medium.com/%40xNEED/dll-hijacking-jagexlauncher-819599165822

[Not Applicable] https://www.exploit-db.com/exploits/51461

Scores

CVSS v3 7.8

EPSS 0.0746

EPSS Percentile 91.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

helakuru/helakuru

Timeline

Published Oct 22, 2024

Tracked Since Feb 18, 2026