CVE-2024-9499 HIGH

CVE-2024-9499: Uncontrolled search path can lead to DLL hijacking in USBXpress Win 98SE Dev Kit installer

Vendor Silabs.com
Product USBXpress Win 98SE Dev Kit
Weakness CWE-427
Published January 24, 2025
Last update February 18, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Key dates

02Disclosure timeline

January 24, 2025 CVE published
February 18, 2025 Record updated