CVE-2024-9494
Published: 24 January 2025
Description
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Security Summary
CVE-2024-9494 is a DLL hijacking vulnerability stemming from an uncontrolled search path (CWE-427) in the CP210 VCP Win 2k installer, a component provided by Silicon Labs for USB-to-serial driver installation on Windows 2000 systems. The issue allows malicious DLLs to be loaded and executed during installer execution, with a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
A local attacker can exploit this vulnerability by placing a malicious DLL in a directory that the installer searches before secure paths, tricking a user into running the affected installer. No privileges are required beforehand, but user interaction is needed to launch the installer. Successful exploitation leads to privilege escalation and arbitrary code execution with the installer's elevated permissions.
Silicon Labs has published details on this vulnerability in their community advisory at https://community.silabs.com/068Vm00000JUQwd, which security practitioners should consult for recommended mitigations and patches.
Details
- CWE(s)