Sony Catalyst Production Suite Privilege Escalation Vulnerability [CVE-2019-19364]

CVE number – CVE-2019-19364

In Sony Catalyst Production Suite through 2019.1 (1.1.0.21) and Catalyst Browse through 2019.1 (1.1.0.21), an unprivileged user can obtain admin privileges, and execute a program as admin, after DLL hijacking of a DLL that is loaded during setup (installation).

Product: CatalystProductionSuite.2019.1.exe
Version: 1.1.0.21

Product: CatalystBrowseSuite.2019.1.exe
Version: 1.1.0.21

The installers try to load DLLs that don’t exist from its current directory. Both installers try to load a dll named “NETUTILS.dll”. by doing so, an attacker can quickly escalate its privileges.

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: