8.4
CVE-2024-11859
- EPSS 2.01%
- Veröffentlicht 07.04.2025 08:08:22
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security@eset.com
- CVE-Watchlists
- Unerledigt
DLL Search Order Hijacking in ESET products for Windows
DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerESET, spol. s r.o.
≫
Produkt
ESET NOD32 Antivirus
Default Statusunaffected
Version <=
18.0.12.0
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Internet Security
Default Statusunaffected
Version <=
18.0.12.0
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Smart Security Premium
Default Statusunaffected
Version <=
18.0.12.0
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Security Ultimate
Default Statusunaffected
Version <=
18.0.12.0
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Endpoint Antivirus for Windows
Default Statusunaffected
Version <=
12.0.2038.0
Version
0
Status
affected
Version <=
11.1.2053.2
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Endpoint Security for Windows
Default Statusunaffected
Version <=
12.0.2038.0
Version
0
Status
affected
Version <=
11.1.2053.2
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Small Business Security
Default Statusunaffected
Version <=
18.0.12.0
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Safe Server
Default Statusunaffected
Version <=
18.0.12.0
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Server Security for Windows Server
Default Statusunaffected
Version <=
11.1.12005.2
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Mail Security for Microsoft Exchange Server
Default Statusunaffected
Version <=
11.1.10008.0
Version
0
Status
affected
Version <=
11.0.10008.0
Version
0
Status
affected
Version <=
10.1.10014.0
Version
0
Status
affected
HerstellerESET, spol. s r.o.
≫
Produkt
ESET Security for Microsoft SharePoint Server
Default Statusunaffected
Version <=
11.1.15001.0
Version
0
Status
affected
Version <=
11.0.15004.0
Version
0
Status
affected
Version <=
10.0.15005.1
Version
0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.01% | 0.786 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@eset.com | 8.4 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://support.eset.com/en/ca8810-dll-search-order-hijacking-vulnerability-in-eset-products-for-windows-fixed