CVE-2024-11859: DLL Search Order Hijacking in ESET products for Windows

6.8 CVSS

Description

A DLL search order hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.

Classification

CVE ID: CVE-2024-11859

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.8

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-427 Uncontrolled Search Path Element

Affected Products

Vendor: ESET, spol. s r.o.

Product: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus for Windows, ESET Endpoint Security for Windows, ESET Small Business Security, ESET Safe Server, ESET Server Security for Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Security for Microsoft SharePoint Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.89% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-11859
https://support.eset.com/en/ca8810-dll-search-order-hijacking-vulnerability-in-eset-products-for-windows-fixed

Timeline