Main Vulnerability Database Vulnerabilities #VU95794

#VU95794 Insecure DLL loading in Dome - CVE-2024-7244

Published: August 12, 2024

Vulnerability identifier: #VU95794

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-7244

CWE-ID: CWE-427

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Dome

Software vendor:
Panda Security SL

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner within the VPN process. A local user can place a specially crafted .dll file and execute arbitrary code on victim's system with elevated privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.zerodayinitiative.com/advisories/ZDI-24-1014/

#VU95794 Insecure DLL loading in Dome - CVE-2024-7244

Description

Remediation

External links

Please verify you're human