CVE-2024-48605

HIGH

Helakuru 1.1 - Uncontrolled Search Path Element via wow64log.dll

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-48605. PoCs published by Ahsan Azad, surajhacx.

AI-analyzed exploit summary This exploit leverages DLL search order hijacking in Hubstaff 1.6.13/1.6.14 by placing a malicious wow64log.dll in system32, which is loaded by the application during installation, resulting in remote code execution via a reverse shell.

Description

An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.

Exploits (2)

exploitdb WORKING POC

by Ahsan Azad · textlocalwindows

https://www.exploit-db.com/exploits/51461

View Code ZIP pw:eip

This exploit leverages DLL search order hijacking in Hubstaff 1.6.13/1.6.14 by placing a malicious wow64log.dll in system32, which is loaded by the application during installation, resulting in remote code execution via a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Hubstaff 1.6.13, 1.6.14

No auth needed

Prerequisites: Access to place DLL in system32 · Network connectivity for reverse shell

MITRE ATT&CK

T1574.001 - DLL T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 4 stars

by surajhacx · poc

https://github.com/surajhacx/HelakuruV.1.1-DLLHijack

View Code ZIP pw:eip

This repository demonstrates a DLL hijacking vulnerability in Helakuru Desktop 1.1v, where the application attempts to load the non-existent wow64log.dll, allowing arbitrary code execution via a malicious DLL. The PoC includes a simple DLL that launches calc.exe upon loading.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Helakuru Desktop 1.1v

No auth needed

Prerequisites: Malicious wow64log.dll placed in the application's search path · Helakuru Desktop 1.1v installed and executed

MITRE ATT&CK

T1574.001 - DLL

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Not Applicable

https://clement.notin.org/blog/2020/09/12/CVE-2020-7315-McAfee-Agent-DLL-injection/

Exploit

https://github.com/surajhacx/HelakuruV.1.1-DLLHijack

Not Applicable

https://medium.com/%40xNEED/dll-hijacking-jagexlauncher-819599165822

Not Applicable

https://www.exploit-db.com/exploits/51461

Scores

CVSS v3 7.8

EPSS 0.0053

EPSS Percentile 40.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (1)

helakuru/helakuru 1.1

Published Oct 22, 2024

Tracked Since Feb 18, 2026