Tag
AVACAST DLL Hijacking Vulnerability (CVE-2026-7279)
2 rules 1 TTP 1 CVEA DLL hijacking vulnerability in eMPIA Technology's AVACAST (CVE-2026-7279) allows authenticated local attackers to achieve arbitrary code execution with system privileges by placing a malicious DLL in a specific directory.
Mobatek MobaXterm Home Edition Uncontrolled Search Path Vulnerability (CVE-2026-6421)
2 rules 1 TTP 1 CVECVE-2026-6421 is an uncontrolled search path vulnerability in Mobatek MobaXterm Home Edition up to version 26.1, affecting msimg32.dll, that can be exploited locally with high complexity.
MemProcFS DLL and Shared Library Hijacking Vulnerability
2 rules 3 TTPs 1 CVEMemProcFS before 5.17 is susceptible to DLL and shared-library hijacking due to unsafe library-loading patterns, allowing attackers to achieve arbitrary code execution by placing malicious libraries or manipulating the library search path.
CVE-2026-3780: Local Privilege Escalation via Untrusted Search Path in Application Installer
2 rules 1 TTP 1 CVEAn application installer vulnerable to CVE-2026-3780 runs with elevated privileges but resolves system executables and DLLs using an untrusted search path, enabling local privilege escalation by allowing a local attacker to inject malicious binaries.
Potential Windows Session Hijacking via CcmExec
2 rules 1 TTPAdversaries may exploit Microsoft's System Center Configuration Manager by loading malicious DLLs into SCNotification.exe, a process associated with user notifications, potentially leading to Windows session hijacking.
Suspicious Antimalware Scan Interface DLL Creation
2 rules 1 TTPAn adversary may attempt to bypass AMSI by creating a rogue AMSI DLL in an unusual location to evade detection.
Execution via Local SxS Shared Module
2 rules 2 TTPsThis rule detects the creation, modification, or deletion of DLL files within Windows SxS local folders, which could indicate an attempt to execute malicious payloads by abusing shared module loading.