Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path (C:\ProgramData\Evope). This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that location. The vulnerable component is Evope.Service.exe, which runs with SYSTEM privileges and automatically loads the DLL on startup or reboot.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Evope Collector 安全漏洞
Vulnerability Description
Evope Collector是巴西Evope公司的一个团队绩效监控与任务挖掘平台。 Evope Collector 1.1.6.9.0版本存在安全漏洞,该漏洞源于从不受控制的搜索路径加载wtsapi32.dll库,可能导致本地攻击者执行任意代码或提升权限至SYSTEM。
CVSS Information
N/A
Vulnerability Type
N/A