CVE-2024-11859
DLL Search Order Hijacking in ESET products for Windows
Severity Score
6.8
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-11-27 CVE Reserved
- 2025-04-07 CVE Published
- 2025-04-07 CVE Updated
- 2025-04-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
- CAPEC-471: Search Order Hijacking
References (1)
| URL | Tag | Source |
|---|---|---|
| https://support.eset.com/en/ca8810-dll-search-order-hijacking-vulnerability-in-eset-products-for-windows-fixed |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET NOD32 Antivirus Search vendor "ESET, Spol. S R.o." for product "ESET NOD32 Antivirus" | <= 18.0.12.0 Search vendor "ESET, Spol. S R.o." for product "ESET NOD32 Antivirus" and version " <= 18.0.12.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Internet Security Search vendor "ESET, Spol. S R.o." for product "ESET Internet Security" | <= 18.0.12.0 Search vendor "ESET, Spol. S R.o." for product "ESET Internet Security" and version " <= 18.0.12.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Smart Security Premium Search vendor "ESET, Spol. S R.o." for product "ESET Smart Security Premium" | <= 18.0.12.0 Search vendor "ESET, Spol. S R.o." for product "ESET Smart Security Premium" and version " <= 18.0.12.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Security Ultimate Search vendor "ESET, Spol. S R.o." for product "ESET Security Ultimate" | <= 18.0.12.0 Search vendor "ESET, Spol. S R.o." for product "ESET Security Ultimate" and version " <= 18.0.12.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Endpoint Antivirus For Windows Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Antivirus For Windows" | <= 12.0.2038.0 Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Antivirus For Windows" and version " <= 12.0.2038.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Endpoint Antivirus For Windows Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Antivirus For Windows" | <= 11.1.2053.2 Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Antivirus For Windows" and version " <= 11.1.2053.2" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Endpoint Security For Windows Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Security For Windows" | <= 12.0.2038.0 Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Security For Windows" and version " <= 12.0.2038.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Endpoint Security For Windows Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Security For Windows" | <= 11.1.2053.2 Search vendor "ESET, Spol. S R.o." for product "ESET Endpoint Security For Windows" and version " <= 11.1.2053.2" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Small Business Security Search vendor "ESET, Spol. S R.o." for product "ESET Small Business Security" | <= 18.0.12.0 Search vendor "ESET, Spol. S R.o." for product "ESET Small Business Security" and version " <= 18.0.12.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Safe Server Search vendor "ESET, Spol. S R.o." for product "ESET Safe Server" | <= 18.0.12.0 Search vendor "ESET, Spol. S R.o." for product "ESET Safe Server" and version " <= 18.0.12.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Server Security For Windows Server Search vendor "ESET, Spol. S R.o." for product "ESET Server Security For Windows Server" | <= 11.1.12005.2 Search vendor "ESET, Spol. S R.o." for product "ESET Server Security For Windows Server" and version " <= 11.1.12005.2" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Mail Security For Microsoft Exchange Server Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For Microsoft Exchange Server" | <= 11.1.10008.0 Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For Microsoft Exchange Server" and version " <= 11.1.10008.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Mail Security For Microsoft Exchange Server Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For Microsoft Exchange Server" | <= 11.0.10008.0 Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For Microsoft Exchange Server" and version " <= 11.0.10008.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Mail Security For Microsoft Exchange Server Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For Microsoft Exchange Server" | <= 10.1.10014.0 Search vendor "ESET, Spol. S R.o." for product "ESET Mail Security For Microsoft Exchange Server" and version " <= 10.1.10014.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Security For Microsoft SharePoint Server Search vendor "ESET, Spol. S R.o." for product "ESET Security For Microsoft SharePoint Server" | <= 11.1.15001.0 Search vendor "ESET, Spol. S R.o." for product "ESET Security For Microsoft SharePoint Server" and version " <= 11.1.15001.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Security For Microsoft SharePoint Server Search vendor "ESET, Spol. S R.o." for product "ESET Security For Microsoft SharePoint Server" | <= 11.0.15004.0 Search vendor "ESET, Spol. S R.o." for product "ESET Security For Microsoft SharePoint Server" and version " <= 11.0.15004.0" | en |
Affected
| ||||||
| ESET, Spol. S R.o. Search vendor "ESET, Spol. S R.o." | ESET Security For Microsoft SharePoint Server Search vendor "ESET, Spol. S R.o." for product "ESET Security For Microsoft SharePoint Server" | <= 10.0.15005.1 Search vendor "ESET, Spol. S R.o." for product "ESET Security For Microsoft SharePoint Server" and version " <= 10.0.15005.1" | en |
Affected
| ||||||