Home Tools Exploits & CVE's OutSystems Service Studio 11.53.30 DLL Hijacking

OutSystems Service Studio 11.53.30 DLL Hijacking

August 14, 2023

159

OutSystems Service Studio version 11.53.30 suffers from a dll hijacking vulnerability.

advisories | CVE-2022-47636

# Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://www.outsystems.com/
# Version: Up to 11.53.30 (Build 61739)
# Tested on: Windows
# CVE : CVE-2022-47636

A DLL hijacking vulnerability has been discovered in OutSystems Service 
Studio 11 11.53.30 build 61739.
When a user open a .oml file (OutSystems Modeling Language), the 
application will load the following DLLs from the same directory:

av_libGLESv2.dll
libcef.DLL
user32.dll
d3d10warp.dll

Using a crafted DLL, it is possible to execute arbitrary code in the 
context of the current logged in user.

OutSystems Service Studio 11.53.30 DLL Hijacking

Follow us on Instagram @thecyberpost

EDITOR PICKS

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

Gambio Online Webshop 4.9.2.0 Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

ExifTool DjVu ANT Perl Injection

VisualWare MyConnection Server 11.x Remote Code Execution

Multix 2.4 Cross Site Request Forgery