CVE-2024-11859

8.4

High

Published:7 Apr 2025

Last updated:17 Jun 2026

Source:security@eset.com

Deferred

Weakness (CWE)

CWE-427CWE-427

CVSS Vector

v4.0

Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): None
Confidentiality (Subsequent): None
Integrity (Subsequent): None
Availability (Subsequent): None

View on MITRE Find PoC on GitHub

Description

DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.

References

security@eset.com

https://support.eset.com/en/ca8810-dll-search-order-hijacking-vulnerability-in-eset-products-for-windows-fixed