CVE-2022-47636

A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.html	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/51678	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:outsystems:service_studio:11.53.30:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-10 16:15

Updated : 2023-08-17 21:26

NVD link : CVE-2022-47636

Mitre link : CVE-2022-47636

CVE.ORG link : CVE-2022-47636

JSON object : View

Products Affected

outsystems

service_studio

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2022-47636", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-08-10T16:15:09.627", "references": [{"url": "http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/51678", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de secuestro de DLL en OutSystems Service Studio 11 11.53.30 build 61739. Cuando un usuario abre un archivo .oml (OutSystems Modeling Language), la aplicaci\u00f3n cargar\u00e1 las siguientes DLL del mismo directorio av_libGLESv2.dll, libcef.DLL, user32.dll, y d3d10warp.dll. Utilizando una DLL maliciosa, es posible ejecutar c\u00f3digo arbitrario en el contexto del usuario que ha iniciado la sesi\u00f3n."}], "lastModified": "2023-08-17T21:26:11.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:outsystems:service_studio:11.53.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38B2C3D-12C6-4A10-9376-7D977BD74121"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}