Controlio
Monthly
DLL hijacking in EfficientLab Controlio before v1.3.95 allows local attackers with high privileges to achieve arbitrary code execution by placing a specially crafted DLL in the installation directory, leveraging weak folder permissions and the service's NT AUTHORITY\SYSTEM execution context. Real-world risk is constrained by the high privilege requirement (PR:H) and local-only attack vector; EPSS score of 0.01% and CISA SSVC framework marking exploitation as 'none' and technical impact as 'partial' indicate low current exploitation likelihood despite the RCE tag.
DLL hijacking in EfficientLab Controlio before v1.3.95 allows local attackers with high privileges to achieve arbitrary code execution by placing a specially crafted DLL in the installation directory, leveraging weak folder permissions and the service's NT AUTHORITY\SYSTEM execution context. Real-world risk is constrained by the high privilege requirement (PR:H) and local-only attack vector; EPSS score of 0.01% and CISA SSVC framework marking exploitation as 'none' and technical impact as 'partial' indicate low current exploitation likelihood despite the RCE tag.