CVE-2024-11859— DLL Search Order Hijacking in ESET products for Windows

EPSS 0.34% · P57 Updated Apr 16, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-11859

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

DLL Search Order Hijacking in ESET products for Windows

Source: NVD (National Vulnerability Database)

Vulnerability Description

DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对搜索路径元素未加控制

Source: NVD (National Vulnerability Database)

Vulnerability Title

ESET多款产品安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ESET Endpoint Antivirus等都是ESET公司的产品。ESET Endpoint Antivirus是一个适用于中小型和大型企业的内部部署和基于云的反恶意软件和安全套件。ESET Security是一系列安全杀毒软件。ESET NOD32 Antivirus是一款杀毒软件。 ESET多款产品存在安全漏洞，该漏洞源于DLL搜索顺序劫持，可能导致执行恶意代码。以下产品受到影响：ESET NOD32 Antivirus、ESET Endpoint Antivirus和ESET Security

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
ESET, spol. s r.o.	ESET NOD32 Antivirus	0 ~ 18.0.12.0	-
ESET, spol. s r.o.	ESET Internet Security	0 ~ 18.0.12.0	-
ESET, spol. s r.o.	ESET Smart Security Premium	0 ~ 18.0.12.0	-
ESET, spol. s r.o.	ESET Security Ultimate	0 ~ 18.0.12.0	-
ESET, spol. s r.o.	ESET Endpoint Antivirus for Windows	0 ~ 12.0.2038.0	-
ESET, spol. s r.o.	ESET Endpoint Security for Windows	0 ~ 12.0.2038.0	-
ESET, spol. s r.o.	ESET Small Business Security	0 ~ 18.0.12.0	-
ESET, spol. s r.o.	ESET Safe Server	0 ~ 18.0.12.0	-
ESET, spol. s r.o.	ESET Server Security for Windows Server	0 ~ 11.1.12005.2	-
ESET, spol. s r.o.	ESET Mail Security for Microsoft Exchange Server	0 ~ 11.1.10008.0	-
ESET, spol. s r.o.	ESET Security for Microsoft SharePoint Server	0 ~ 11.1.15001.0	-

II. Public POCs for CVE-2024-11859

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-11859

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-11859

IV. Related Vulnerabilities

Same product: ESET NOD32 Antivirus

Same vendor: ESET, spol. s r.o.

Same weakness: CWE-427

V. Comments for CVE-2024-11859

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-11859— DLL Search Order Hijacking in ESET products for Windows

I. Basic Information for CVE-2024-11859

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-11859

III. Intelligence Information for CVE-2024-11859

IV. Related Vulnerabilities

V. Comments for CVE-2024-11859

Leave a comment