CVE number – CVE-2019-19364
In Sony Catalyst Production Suite through 2019.1 (22.214.171.124) and Catalyst Browse through 2019.1 (126.96.36.199), an unprivileged user can obtain admin privileges, and execute a program as admin, after DLL hijacking of a DLL that is loaded during setup (installation).
The installers try to load DLLs that don’t exist from its current directory. Both installers try to load a dll named “NETUTILS.dll”. by doing so, an attacker can quickly escalate its privileges.