CVE-2024-9499: Uncontrolled search path can lead to DLL hijacking in USBXpress Win 98SE Dev Kit installer
First published: Fri Jan 24 2025(Updated: )
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Credit: product-security@silabs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-9499?
CVE-2024-9499 has a high severity due to the potential for privilege escalation and arbitrary code execution.
How do I fix CVE-2024-9499?
To fix CVE-2024-9499, ensure you are using the latest version of the USBXpress Win 98SE Dev Kit installer that addresses this vulnerability.
What causes CVE-2024-9499?
CVE-2024-9499 is caused by DLL hijacking vulnerabilities due to an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer.
What are the risks associated with CVE-2024-9499?
The risks associated with CVE-2024-9499 include privilege escalation, arbitrary code execution, and potential unauthorized access to system resources.
Who is affected by CVE-2024-9499?
CVE-2024-9499 affects users of the USBXpress Win 98SE Dev Kit primarily during the installation process.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event