Vulnerability Description
A low-privileged malicious user can escalate privileges whenever the CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is a DLL hijacking issue: the installers try to load DLLs that do not exist from their current directory, which allows an attacker to quickly escalate privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sony | Catalyst Browse | <= 2019.1 |
| Sony | Catalyst Production Suite | <= 2019.1 |
Related Weaknesses (CWE)
References
- https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-19364?
CVE-2019-19364 is a vulnerability with a CVSS score of 7.8 (HIGH). A low-privileged malicious user can escalate privileges whenever the CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability ...
How severe is CVE-2019-19364?
CVE-2019-19364 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-19364?
Check the references section above for vendor advisories and patch information. Affected products include: Sony Catalyst Browse, Sony Catalyst Production Suite.