CVE-2019-19364

Published: Dec 4, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges.

Affected (2)

Products: Sony: Catalyst Browse, Catalyst Production Suite

2 products

Catalyst Browse

Catalyst Production Suite

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sony Catalyst Browse	Up to 2019.1
Sony Catalyst Production Suite	Up to 2019.1

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.