Threat Feed

Tag

DLL Hijacking

10 briefs
high advisory

Synology BeeDrive DLL Hijacking Vulnerability (CVE-2023-52945)

Synology BeeDrive for desktop before 1.3.2-13814 is vulnerable to an uncontrolled search path element, allowing local users to execute arbitrary code through a maliciously placed OpenSSL DLL component.

BeeDrive for desktop dll-hijacking privilege-escalation cve-2023-52945
2r 2t 1c
high advisory

WPS Office Exploitation via DLL Hijack

The rule detects the loading of a remote library by the WPS Office promecefpluginhost.exe executable, which may indicate exploitation of CVE-2024-7262 or CVE-2024-7263 via DLL hijacking abusing the ksoqing custom protocol handler.

WPS Office dll-hijacking wps-office cve-2024-7262 cve-2024-7263 execution initial-access
2r 2t 2c
high advisory

Johnson Controls CEM AC2000 Privilege Escalation via DLL Hijacking

A vulnerability exists in Johnson Controls CEM AC2000 versions 12.0, 11.0, and 10.6 due to an uncontrolled search path element that could allow a standard user to escalate privileges on the host machine via DLL hijacking.

CEM AC2000 privilege-escalation dll-hijacking cem-ac2000
2r 1t
high advisory

AVACAST DLL Hijacking Vulnerability (CVE-2026-7279)

A DLL hijacking vulnerability in eMPIA Technology's AVACAST (CVE-2026-7279) allows authenticated local attackers to achieve arbitrary code execution with system privileges by placing a malicious DLL in a specific directory.

AVACAST dll-hijacking privilege-escalation code-execution
2r 1t 1c
medium advisory

Mobatek MobaXterm Home Edition Uncontrolled Search Path Vulnerability (CVE-2026-6421)

CVE-2026-6421 is an uncontrolled search path vulnerability in Mobatek MobaXterm Home Edition up to version 26.1, affecting msimg32.dll, that can be exploited locally with high complexity.

cve vulnerability mobaxterm dll hijacking
2r 1t 1c
high advisory

MemProcFS DLL and Shared Library Hijacking Vulnerability

MemProcFS before 5.17 is susceptible to DLL and shared-library hijacking due to unsafe library-loading patterns, allowing attackers to achieve arbitrary code execution by placing malicious libraries or manipulating the library search path.

dll-hijacking library-hijacking code-execution memprocfs cve-2026-40031
2r 3t 1c
high advisory

CVE-2026-3780: Local Privilege Escalation via Untrusted Search Path in Application Installer

An application installer vulnerable to CVE-2026-3780 runs with elevated privileges but resolves system executables and DLLs using an untrusted search path, which allows a local attacker to inject malicious binaries and escalate privileges.

privilege-escalation cve-2026-3780 untrusted-search-path dll-hijacking installer
2r 1t 1c
medium advisory

Potential Windows Session Hijacking via CcmExec

Adversaries may exploit Microsoft's System Center Configuration Manager by loading malicious DLLs into SCNotification.exe, a process associated with user notifications, potentially leading to Windows session hijacking.

System Center Configuration Manager defense-evasion dll-hijacking sccm
2r 1t
high advisory

Suspicious Antimalware Scan Interface DLL Creation

An adversary may attempt to bypass AMSI by creating a rogue AMSI DLL in an unusual location to evade detection.

Microsoft Defender XDR +4 defense-evasion amsi-bypass dll-hijacking windows
2r 1t
medium advisory

Execution via Local SxS Shared Module

This rule detects the creation, modification, or deletion of DLL files within Windows SxS local folders, which could indicate an attempt to execute malicious payloads by abusing shared module loading.

M365 Defender +4 execution defense-evasion dll-hijacking
2r 2t