CVE-2021-22000 – VMware ThinApp DLL Hijacking

https://notcve.org/view.php?id=CVE-2021-22000

VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it. VMware Thinapp versión 5.x anterior a 5.2.10 contiene una vulnerabilidad de secuestro de DLL debido a la carga no segura de DLL. Un actor malicioso con privilegios no administrativos puede explotar esta vulnerabilidad para elevar los privilegios a nivel de administrador en el sistema operativo Windows que tenga instalado VMware ThinApp VMware ThinApp suffered from a dll hijacking vulnerability. • http://packetstormsecurity.com/files/163521/VMware-ThinApp-DLL-Hijacking.html http://seclists.org/fulldisclosure/2021/Jul/35 https://www.vmware.com/security/advisories/VMSA-2021-0015.html • CWE-427: Uncontrolled Search Path Element •