CVE-2024-11859

Summary

DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.

Affected Software

VendorProductVersion RangeStatus
ESET, spol. s r.o.ESET NOD32 Antivirus0 <= 18.0.12.0affected
ESET, spol. s r.o.ESET Internet Security0 <= 18.0.12.0affected
ESET, spol. s r.o.ESET Smart Security Premium0 <= 18.0.12.0affected
ESET, spol. s r.o.ESET Security Ultimate0 <= 18.0.12.0affected
ESET, spol. s r.o.ESET Endpoint Antivirus for Windows0 <= 12.0.2038.0affected
ESET, spol. s r.o.ESET Endpoint Antivirus for Windows0 <= 11.1.2053.2affected
ESET, spol. s r.o.ESET Endpoint Security for Windows0 <= 12.0.2038.0affected
ESET, spol. s r.o.ESET Endpoint Security for Windows0 <= 11.1.2053.2affected
ESET, spol. s r.o.ESET Small Business Security0 <= 18.0.12.0affected
ESET, spol. s r.o.ESET Safe Server0 <= 18.0.12.0affected
ESET, spol. s r.o.ESET Server Security for Windows Server0 <= 11.1.12005.2affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server0 <= 11.1.10008.0affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server0 <= 11.0.10008.0affected
ESET, spol. s r.o.ESET Mail Security for Microsoft Exchange Server0 <= 10.1.10014.0affected
ESET, spol. s r.o.ESET Security for Microsoft SharePoint Server0 <= 11.1.15001.0affected
ESET, spol. s r.o.ESET Security for Microsoft SharePoint Server0 <= 11.0.15004.0affected
ESET, spol. s r.o.ESET Security for Microsoft SharePoint Server0 <= 10.0.15005.1affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References