An Executable Hijacking condition exists in the Qualys...
High severity
Unreviewed
Published
Apr 18, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Apr 18, 2023
Published to the GitHub Advisory Database
Apr 18, 2023
Last updated
Apr 4, 2024
An Executable Hijacking condition exists in the
Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers
may load a malicious copy of a Dependency Link Library (DLL) via a local
attack vector instead of the DLL that the application was expecting, when
processes are running with escalated privileges. This vulnerability
is bounded only to the time of uninstallation and can only be exploited
locally.
At the time of this disclosure, versions before 4.0 are classified as End of
Life.
References