CVE number – CVE-2019-19364
In Sony Catalyst Production Suite through 2019.1 (184.108.40.206) and Catalyst Browse through 2019.1 (220.127.116.11), an unprivileged user can obtain admin privileges, and execute a program as admin, after DLL hijacking of a DLL that is loaded during setup (installation).
The installers try to load DLLs that don’t exist from its current directory. Both installers try to load a dll named “NETUTILS.dll”. by doing so, an attacker can quickly escalate its privileges.