CVE-2022-47636 — HIGH (7.8)

Vulnerability Description

A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Outsystems	Service Studio	11.53.30

Related Weaknesses (CWE)

CWE-427

References

http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/51678ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/51678ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2022-47636?

CVE-2022-47636 is a vulnerability with a CVSS score of 7.8 (HIGH). A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the follo...

How severe is CVE-2022-47636?

CVE-2022-47636 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-47636?

Check the references section above for vendor advisories and patch information. Affected products include: Outsystems Service Studio.