CVE-2024-2658

HIGH Year: 2024
Weakness Type
CWE-427
View all →

Vulnerability Description

A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.

Related Vulnerabilities

CVE-2017-3090

CRITICAL
CVSS:9.8(Critical)

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the ins...

CWE-4272017

CVE-2017-3092

CRITICAL
CVSS:9.8(Critical)

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the insta...

CWE-4272017

CVE-2017-3097

CRITICAL
CVSS:9.8(Critical)

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful ...

CWE-4272017

CVE-2017-6517

CRITICAL
CVSS:9.8(Critical)

Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll...

CWE-4272017

CVE-2018-12805

CRITICAL
CVSS:9.8(Critical)

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.

CWE-4272018

CVE-2019-20780

CRITICAL
CVSS:9.8(Critical)

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sour...

CWE-4272019