CVE-2024-11859 — Uncontrolled Search Path Element in Spol S R.O Eset Endpoint Antivirus FOR Windows

CWE-427 — Uncontrolled Search Path Element5 documents5 sources

Severity

8.4HIGHNVD

EPSS

0.4%

top 42.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eset Spol S R.O Eset Endpoint Antivirus FOR Windows Eset Spol S R.O Eset Endpoint Security FOR Windows Eset Spol S R.O Eset Internet Security +8 more

Timeline

PublishedApr 7

Description

DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages11 packages

▶CVEListV5eset_spol_s_r.o/eset_safe_server18.0.12.0

▶CVEListV5eset_spol_s_r.o/eset_nod32_antivirus18.0.12.0

▶CVEListV5eset_spol_s_r.o/eset_internet_security18.0.12.0

▶CVEListV5eset_spol_s_r.o/eset_security_ultimate18.0.12.0

▶CVEListV5eset_spol_s_r.o/eset_smart_security_premium18.0.12.0

🔴Vulnerability Details

CVEList

DLL Search Order Hijacking in ESET products for Windows↗2025-04-07

▶

GHSA

GHSA-w85p-m37q-fvfw: DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and ex↗2025-04-07

▶

VulnCheck

eset internet_security Uncontrolled Search Path Element↗2024

▶

🕵️Threat Intelligence

Securelist

How ToddyCat tried to hide behind AV software↗2025-04-07

▶