Dylib Injection Vulnerability in Phiewer Affects User Data Security
CVE-2024-53407

3.3LOW

Key Information:

Vendor: Phiewer
Status: Phiewer
Vendor: CVE Published:; 15 January 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

In Phiewer version 4.1.0, a dylib injection vulnerability allows attackers to execute arbitrary commands on the system. This could enable malicious actors to inject harmful dylib files, granting them potential remote control and access to sensitive user information. Vigilance and timely updates are crucial in mitigating the risks associated with this security flaw.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-53407
Created by SyFi

References

https://github.com/SyFi/CVE-2024-53407

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jan 15, 2025
👾
Exploit known to exist
Jan 15, 2025
Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Nov 20, 2024