Arbitrary code execution in Solar Controls Heating Control Downloader

Published: 2017-08-10 00:00:00 | Updated: 2017-08-15 10:22:12
Severity: Low
Patch available: NO
Number of vulnerabilities: 1
CVSSv2: 6.1 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:C)
CVE ID: CVE-2017-9646
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: Heating Control Downloader
Vulnerable software versions: Heating Control Downloader 1.0.1
Vendor URL: Solar Controls
Advisory type: Public

Security Advisory

1) Insecure DLL loading


The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an untrusted search path element. A local attacker can load a specially crafted .dll file, gain root access and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
