Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-47636: OffSec’s Exploit Database Archive

A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.

CVE
Open in Source
#vulnerability#windows#auth
# Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://www.outsystems.com/
# Version: Up to 11.53.30 (Build 61739)
# Tested on: Windows
# CVE : CVE-2022-47636

A DLL hijacking vulnerability has been discovered in OutSystems Service 
Studio 11 11.53.30 build 61739.
When a user open a .oml file (OutSystems Modeling Language), the 
application will load the following DLLs from the same directory:

av_libGLESv2.dll
libcef.DLL
user32.dll
d3d10warp.dll

Using a crafted DLL, it is possible to execute arbitrary code in the 
context of the current logged in user.

Related news

OutSystems Service Studio 11.53.30 DLL Hijacking

OutSystems Service Studio version 11.53.30 suffers from a dll hijacking vulnerability.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE