CVE-2024-50986

HIGH

Clementine 1.3.1 - Untrusted Search Path

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50986. PoCs published by riftsandroses.

AI-analyzed exploit summary This PoC demonstrates a DLL hijacking vulnerability in Clementine v1.3.1, where a malicious QUSEREX.DLL placed in a specific directory is loaded by the application, leading to arbitrary code execution. The exploit uses msfvenom to generate a malicious DLL and Metasploit to establish a reverse shell.

Description

An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.

Exploits (1)

nomisec WORKING POC
by riftsandroses · poc
https://github.com/riftsandroses/CVE-2024-50986

This PoC demonstrates a DLL hijacking vulnerability in Clementine v1.3.1, where a malicious QUSEREX.DLL placed in a specific directory is loaded by the application, leading to arbitrary code execution. The exploit uses msfvenom to generate a malicious DLL and Metasploit to establish a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Clementine v1.3.1
No auth needed
Prerequisites: Local access to the target system · Ability to place a malicious DLL in C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\ · Metasploit framework for payload generation and handling
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.3
EPSS 0.0099
EPSS Percentile 57.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-426
Status published
Products (1)
clementine-player/clementine 1.3.1
Published Nov 15, 2024
Tracked Since Feb 18, 2026