← back
CVE-2022-47636

CVE-2022-47636

EPSS 1.1%
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.htmlunverifiedcve_referencewww.exploit-db.com/exploits/51678unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/174127/OutSystems-Service-Studio-11.53.30-DLL-Hijacking.htmlhttps://www.exploit-db.com/exploits/51678