Lucene search
K

122 matches found

Vulnrichment
Vulnrichment
added 2023/03/13 12:0 a.m.8 views

CVE-2023-24578

McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks...

5.6AI score0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/13 12:0 a.m.31 views

CVE-2023-24578

McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks...

5.8AI score0.00254EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/03/02 8:3 a.m.68 views

SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features...

0.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/02/09 3:59 p.m.24 views

Evasion Techniques Uncovered: An Analysis of APT Methods

By Christiaan Beek, with special thanks to Matt Green DLL search order hijacking is a technique used by attackers to elevate privileges on the compromised system, evade restrictions, and/or establish persistence on the system. The Windows operating system uses a common method to look for required...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/12/05 11:15 p.m.23 views

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

The North Korean Lazarus Group, aka APT38, is one of the most sophisticated North Korean APTs. It's been active since 2009 and is responsible for many high profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks...

7.1AI score
Exploits0
NVD
NVD
added 2022/11/17 11:15 p.m.25 views

CVE-2022-23748

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files...

7.8CVSS0.09092EPSS
Exploits0References3
OSV
OSV
added 2022/11/17 11:15 p.m.6 views

CVE-2022-23748

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files...

7.8CVSS5.5AI score0.09092EPSS
Exploits0References3
Prion
Prion
added 2022/11/17 11:15 p.m.21 views

Design/Logic Flaw

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files...

4.4CVSS7.5AI score0.09092EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/17 12:0 a.m.8 views

CVE-2022-23748

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files...

7.6AI score0.09092EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.3 views

PT-2022-6232 · Apple +1 · Mdnsresponder.Exe +1

Name of the Vulnerable Software and Affected Versions: mDNSResponder.exe affected versions not specified Audinate Dante Application Library version le1.2.0 Description: The issue is related to a DLL Sideloading attack, where the executable improperly specifies how to load the DLL, from which fold...

7.8CVSS9.4AI score0.09092EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2022/11/17 12:0 a.m.9 views

CVE-2022-23748

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. Recent assessments:...

7.8CVSS6.8AI score0.09092EPSS
In wildExploits0References4
Cvelist
Cvelist
added 2022/11/17 12:0 a.m.225 views

CVE-2022-23748

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files...

7.8AI score0.09092EPSS
Exploits0References2
CVE
CVE
added 2022/11/17 12:0 a.m.229 views

CVE-2022-23748

CVE-2022-23748 describes a DLL sideloading vulnerability in mDNSResponder.exe (Audinate Dante environment) where the executable’s DLL loading path/conditions allow loading of malicious DLLs. Connected docs confirm the root cause is improper DLL loading, enabling a local attacker to leverage the D...

7.8CVSS7.5AI score0.09092EPSS
In wildExploits0References3Affected Software1
Securelist
Securelist
added 2022/10/31 8:0 a.m.25 views

APT10: Tracking down LODEINFO 2022, part I

Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The...

7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/06/20 11:15 a.m.6 views

CVE-2022-1824

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary co...

8.2CVSS7.7AI score0.00348EPSS
Exploits0References2
OSV
OSV
added 2022/06/20 11:15 a.m.4 views

CVE-2022-1824

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary co...

8.2CVSS7.5AI score0.00348EPSS
Exploits0References1
NVD
NVD
added 2022/06/20 11:15 a.m.26 views

CVE-2022-1824

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary co...

8.2CVSS0.00348EPSS
Exploits0References1
Prion
Prion
added 2022/06/20 11:15 a.m.23 views

Design/Logic Flaw

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary co...

4.4CVSS8.3AI score0.00348EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/20 10:15 a.m.68 views

CVE-2022-1824

McAfee Consumer Product Removal Tool (MCPR) versions prior to 10.4.128 are affected by an uncontrolled search path vulnerability that enables a local user to perform a sideloading attack via a specific filename, potentially gaining elevated privileges and executing arbitrary code due to insuffici...

8.2CVSS8.2AI score0.00348EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/20 10:15 a.m.34 views

CVE-2022-1824 McAfee MCPR privilege escalation

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary co...

7.9CVSS8.5AI score0.00348EPSS
Exploits0References1
Rows per page
Query Builder