Cyber Resilience

CVE-2024-48605

HighPublic PoC

Published: 22 October 2024

Published
22 October 2024
Modified
30 October 2024
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0584 90.7th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-48605 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Helakuru Helakuru. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 9.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-48605 is a DLL hijacking vulnerability in the Helakuru Desktop Application version 1.1. It stems from insufficient validation of the wow64log.dll file, classified under CWE-427 as an uncontrolled search path element. The flaw received a CVSS 3.1 score of 7.8, reflecting local attack vector, low complexity, and low privileges required for exploitation.

A local attacker can place a malicious wow64log.dll in a location searched by the application at runtime, causing it to load and execute arbitrary code. Successful exploitation grants the attacker full control over the affected process, enabling impacts to confidentiality, integrity, and availability on the host system.

The provided references point to similar DLL hijacking techniques observed in other applications but contain no vendor advisories, patches, or mitigation guidance specific to Helakuru. The EPSS score remains low, with a current value of 0.0584 and a peak of 0.0746, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

helakuru
helakuru
1.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References