DLL Search Order Hijacking Vulnerability in ESET Products
CVE-2024-11859

8.4 HIGH

Badges

📈 Score: 1,420 | 💰 Ransomware | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2024-11859?

CVE-2024-11859 is a high-severity vulnerability (CVSS 8.4) affecting certain products developed by ESET, a cybersecurity company. It is a DLL Search Order Hijacking flaw that allows an attacker with administrative privileges to load a malicious dynamic-link library (DLL) and execute arbitrary code. The impact can be severe because it undermines the integrity of affected systems, which poses significant risk to organizations that rely on ESET products for security.

Technical Details

The vulnerability abuses the DLL search order, the mechanism Windows uses to find and load DLL files. By exploiting this flaw, an attacker can introduce a malicious DLL that is loaded in place of a legitimate one, leading to unauthorized code execution. Successful exploitation requires administrative rights on the system, which raises the risk for organizations where user privileges are mismanaged or poorly controlled.
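A defender can look for this condition by listing DLLs in a program's directory that share a name with a DLL in the system directory. The following is an added example, not code from ESET or from this page. The directory layout, file names and contents in `demo()` are constructed, and a name match is a lead for review (signature, origin), not proof of hijacking.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large DLLs need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def dll_files(directory):
    """Map lowercased DLL name -> path (Windows names are case-insensitive)."""
    return {p.name.lower(): p for p in sorted(Path(directory).iterdir())
            if p.is_file() and p.suffix.lower() == ".dll"}


def find_shadowing_dlls(search_dir, system_dir):
    """List DLLs in search_dir that share a name with a DLL in system_dir."""
    system = dll_files(system_dir)
    findings = []
    for name, path in dll_files(search_dir).items():
        original = system.get(name)
        if original is not None:
            same = sha256_of(path) == sha256_of(original)
            findings.append({"name": path.name, "path": str(path),
                             "same_content": same})
    return findings


def demo():
    """Run the check on a constructed layout (names and bytes are made up)."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = Path(root, "System32")
        app_dir = Path(root, "App")
        system_dir.mkdir()
        app_dir.mkdir()
        (system_dir / "example.dll").write_bytes(b"legitimate")
        (system_dir / "other.dll").write_bytes(b"legitimate-2")
        (app_dir / "Example.DLL").write_bytes(b"planted")  # same name, new bytes
        (app_dir / "private.dll").write_bytes(b"app-own")  # no system twin
        found = find_shadowing_dlls(app_dir, system_dir)
        return [(f["name"], f["same_content"]) for f in found]


if __name__ == "__main__":
    print(demo())
```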

Potential Impact of CVE-2024-11859

  1. Unauthorized Code Execution: The ability to run arbitrary code on a compromised system could allow attackers to gain complete control over the affected machine, leading to further infiltration of the network.

  2. Data Theft and Manipulation: With control over the system, an attacker could access sensitive data, potentially leading to data breaches or unauthorized data manipulation, involving critical organizational information.

  3. Increased Malware Propagation: Exploiting this vulnerability can serve as a foothold for deploying additional malware, which may include ransomware. This could result in extensive damage across the organization's network and significant financial repercussions.

Affected Version(s)

ESET Endpoint Antivirus for Windows: versions from 0 up to and including 12.0.2038.0

ESET Endpoint Antivirus for Windows: versions from 0 up to and including 11.1.2053.2

ESET Endpoint Security for Windows: versions from 0 up to and including 12.0.2038.0

News Articles

ToddyCat Hackers Exploit ESET Flaw to Launch Stealthy TCESB Attack

ToddyCat hackers exploit ESET flaw (CVE-2024-11859) to deploy stealthy TCESB malware using DLL hijacking and a vulnerable Dell driver.

Hackers exploit ESET vulnerability to deploy malware, Kaspersky warns | Digital Watch Observatory

A vulnerability in ESET antivirus (CVE-2024-11859) allowed malicious code execution via its scanning engine.

New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner

ToddyCat exploits ESET’s CVE-2024-11859 flaw with TCESB malware, bypassing security tools via DLL hijacking.

CVSS V4

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📰 First article discovered

  • Vulnerability published

  • Vulnerability Reserved
