8.4

CVE-2024-11859

Medienbericht

DLL Search Order Hijacking in ESET products for Windows

DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerESET, spol. s r.o.
Produkt ESET NOD32 Antivirus
Default Statusunaffected
Version <= 18.0.12.0
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Internet Security
Default Statusunaffected
Version <= 18.0.12.0
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Smart Security Premium
Default Statusunaffected
Version <= 18.0.12.0
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Security Ultimate
Default Statusunaffected
Version <= 18.0.12.0
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Endpoint Antivirus for Windows
Default Statusunaffected
Version <= 12.0.2038.0
Version 0
Status affected
Version <= 11.1.2053.2
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Endpoint Security for Windows
Default Statusunaffected
Version <= 12.0.2038.0
Version 0
Status affected
Version <= 11.1.2053.2
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Small Business Security
Default Statusunaffected
Version <= 18.0.12.0
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Safe Server
Default Statusunaffected
Version <= 18.0.12.0
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Server Security for Windows Server
Default Statusunaffected
Version <= 11.1.12005.2
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Mail Security for Microsoft Exchange Server
Default Statusunaffected
Version <= 11.1.10008.0
Version 0
Status affected
Version <= 11.0.10008.0
Version 0
Status affected
Version <= 10.1.10014.0
Version 0
Status affected
HerstellerESET, spol. s r.o.
Produkt ESET Security for Microsoft SharePoint Server
Default Statusunaffected
Version <= 11.1.15001.0
Version 0
Status affected
Version <= 11.0.15004.0
Version 0
Status affected
Version <= 10.0.15005.1
Version 0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.01% 0.786
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@eset.com 8.4 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://support.eset.com/en/ca8810-dll-search-order-hijacking-vulnerability-in-eset-products-for-windows-fixed