CVE-2022-47636

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.

References

Link	Resource
http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.html	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/51678	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.html	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/51678	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:outsystems:service_studio:11.53.30:*:*:*:*:*:*:*

History

21 Nov 2024, 07:32

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.html - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.exploit-db.com/exploits/51678 - Exploit, Third Party Advisory, VDB Entry~~	() https://www.exploit-db.com/exploits/51678 - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2023-08-10 16:15

Updated : 2024-11-21 07:32

NVD link : CVE-2022-47636

Mitre link : CVE-2022-47636

CVE.ORG link : CVE-2022-47636

JSON object : View

Products Affected

service_studio

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2022-47636", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-08-10T16:15:09.627", "references": [{"url": "http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51678", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/51678", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de secuestro de DLL en OutSystems Service Studio 11 11.53.30 build 61739. Cuando un usuario abre un archivo .oml (OutSystems Modeling Language), la aplicaci\u00f3n cargar\u00e1 las siguientes DLL del mismo directorio av_libGLESv2.dll, libcef.DLL, user32.dll, y d3d10warp.dll. Utilizando una DLL maliciosa, es posible ejecutar c\u00f3digo arbitrario en el contexto del usuario que ha iniciado la sesi\u00f3n."}], "lastModified": "2024-11-21T07:32:17.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:outsystems:service_studio:11.53.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38B2C3D-12C6-4A10-9376-7D977BD74121"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}