Sony Catalyst Production Suite Privilege Escalation Vulnerability [CVE-2019-19364]

December 5, 2019 Duncan 3318 Views 0 Comments CVE-2019-19364, Privilege Escalation Vulnerability, Sony Catalyst Production Suite 0 min read

CVE number – CVE-2019-19364

In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) and Catalyst Browse through 2019.1 (1.1.0.21), an unprivileged user can obtain admin privileges, and execute a program as admin, after DLL hijacking of a DLL that is loaded during setup (installation).

Product: CatalystProductionSuite.2019.1.exe
Version: 1.1.0.21

Product: CatalystBrowseSuite.2019.1.exe
Version: 1.1.0.21

The installers try to load DLLs that don’t exist from its current directory. Both installers try to load a dll named “NETUTILS.dll”. by doing so, an attacker can quickly escalate its privileges.

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Sony Catalyst Production Suite Privilege Escalation Vulnerability [CVE-2019-19364]

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply