CVE-2024-10093

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to execute arbitrary code through DLL hijacking in VSO ConvertXtoDvd. Attackers can place a malicious avcodec.dll in a location that the application searches before the legitimate library, leading to code execution. Only users of VSO ConvertXtoDvd 7.0.0.83 on Windows systems are affected.

💻 Affected Systems

Products:
  • VSO ConvertXtoDvd
Versions: 7.0.0.83
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific version mentioned; other versions may be unaffected. Exploitation requires the application to attempt loading avcodec.dll from a location the attacker can write to.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining the same privileges as the user running ConvertXtoDvd, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation where an attacker with initial access can execute arbitrary code with the victim's user privileges, enabling lateral movement or credential harvesting.

🟢

If Mitigated

Limited impact if application runs with minimal privileges and proper application whitelisting is enforced, restricting the attacker's capabilities.

🌐 Internet-Facing: LOW - This vulnerability requires local access to exploit; remote exploitation is not possible.
🏢 Internal Only: HIGH - Local attackers (including malware or compromised users) can exploit this to escalate privileges and move laterally within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access and ability to place DLL in search path. The vulnerability is publicly disclosed with technical details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or discontinue use of the software.

🔧 Temporary Workarounds

Restrict DLL Search Path

windows

Use Windows policies or application controls to restrict where ConvertXtoDvd can load DLLs from, preventing loading from untrusted locations. Note that ForceRelocateImages enables mandatory ASLR for the process, which makes a planted DLL harder to exploit but does not by itself change where DLLs are loaded from; the ImageLoad mitigations in the same cmdlet (BlockRemoteImageLoads, BlockLowLabelImageLoads) block loads from remote shares and from low-integrity files, though neither restricts the local search order.

Set-ProcessMitigation -Name ConvertXtoDvd.exe -Enable ForceRelocateImages
Set-ProcessMitigation -Name ConvertXtoDvd.exe -Enable BlockRemoteImageLoads,BlockLowLabelImageLoads

Remove Vulnerable Version

windows

Uninstall VSO ConvertXtoDvd 7.0.0.83 and replace with alternative software if possible.

Control Panel > Programs > Uninstall a program > Select VSO ConvertXtoDvd > Uninstall

🧯 If You Can't Patch

  • Run ConvertXtoDvd with minimal user privileges (not as administrator) to limit potential damage from exploitation.
  • Implement application whitelisting to prevent execution of unauthorized DLLs and monitor for suspicious DLL loading behavior.

🔍 How to Verify

Check if Vulnerable:

Check the version of ConvertXtoDvd.exe: Right-click the executable > Properties > Details tab, verify version is 7.0.0.83.

Check Version:

wmic datafile where name="C:\\Program Files\\VSO\\ConvertXtoDvd\\ConvertXtoDvd.exe" get version

Verify Fix Applied:

Verify the application is no longer version 7.0.0.83 or that DLL search path restrictions are properly applied.
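The two checks above (installed version and applied mitigations) in one script. This is an added example, not part of the advisory or VSO's own tooling; it assumes the install path shown (a placeholder to adjust), that the executable's FileVersion string reads exactly "7.0.0.83" on the affected build, and that the per-process mitigation settings are exposed under the ASLR and ImageLoad properties of Get-ProcessMitigation output, as in the ProcessMitigations module.

```powershell
# Added example (not from the advisory): report whether the installed ConvertXtoDvd.exe
# is the affected build and which process mitigations are currently applied to it.
$Exe = 'C:\Program Files\VSO\ConvertXtoDvd\ConvertXtoDvd.exe'   # assumed install path; adjust
$AffectedVersion = '7.0.0.83'

function Test-AffectedVersion {
    param([string]$Path = $Exe)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }   # not installed at this path
    $ver = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion  # assumption: matches Details tab
    [pscustomobject]@{
        Path        = $Path
        FileVersion = $ver
        Affected    = ($ver -eq $AffectedVersion)
    }
}

function Get-ConvertXtoDvdMitigations {
    param([string]$ProcessName = 'ConvertXtoDvd.exe')
    # Per-process settings; each value is NOTSET, ON or OFF (ProcessMitigations module).
    $m = Get-ProcessMitigation -Name $ProcessName
    [pscustomobject]@{
        Process                 = $ProcessName
        ForceRelocateImages     = $m.ASLR.ForceRelocateImages           # mandatory ASLR
        BlockRemoteImageLoads   = $m.ImageLoad.BlockRemoteImageLoads    # no DLLs from UNC/WebDAV
        BlockLowLabelImageLoads = $m.ImageLoad.BlockLowLabelImageLoads  # no low-integrity DLLs
        PreferSystem32          = $m.ImageLoad.PreferSystem32           # System32 before app dir
    }
}

$v = Test-AffectedVersion
if ($null -eq $v) {
    "ConvertXtoDvd.exe not found at $Exe"
} elseif ($v.Affected) {
    "Affected build $($v.FileVersion) is installed; current mitigations:"
    Get-ConvertXtoDvdMitigations
} else {
    "Installed version $($v.FileVersion) is not the affected build (7.0.0.83)."
}
```

A mitigation reported as NOTSET means the system default applies, not that the setting is enforced; treat only ON as "properly applied" for the purposes of the verification step above.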

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing ConvertXtoDvd.exe loading DLLs from unusual paths
  • Sysmon Event ID 7 (image loaded) records where ConvertXtoDvd.exe loads avcodec.dll from outside its install directory

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

(EventID=4688 AND NewProcessName ENDSWITH "ConvertXtoDvd.exe")
OR (Sysmon EventID=7 AND Image ENDSWITH "ConvertXtoDvd.exe" AND ImageLoaded ENDSWITH "avcodec.dll" AND NOT ImageLoaded STARTSWITH "C:\Program Files\VSO\ConvertXtoDvd\")

The 4688 clause only provides process-start context; Windows process-creation events carry no DLL load information, so the Sysmon Event ID 7 clause is the actual detector. Adjust the install directory to match your deployment.
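The Sysmon part of that query as a runnable host-side check. This is an added example, not part of the advisory; it assumes Sysmon is installed with image-load (Event ID 7) logging enabled, that the install directory shown is the correct one for the host (a placeholder to adjust), and that the event's data fields are named Image, ImageLoaded, Signed, Signature and Hashes as in Sysmon's Event ID 7 schema. The rule itself is a small function, so it can be exercised offline on the constructed records at the bottom.

```powershell
# Added example (not from the advisory): flag Sysmon Event ID 7 records where
# ConvertXtoDvd.exe loaded avcodec.dll from anywhere other than its install directory.
$ExpectedDir = 'C:\Program Files\VSO\ConvertXtoDvd'   # assumed install path; adjust

function Test-SuspiciousAvcodecLoad {
    param(
        [Parameter(Mandatory)] [string]$Image,        # loading process (Sysmon "Image")
        [Parameter(Mandatory)] [string]$ImageLoaded,  # loaded DLL path (Sysmon "ImageLoaded")
        [string]$ExpectedDirectory = $ExpectedDir
    )
    # Only the loader/library pair named in the advisory is of interest.
    if ([IO.Path]::GetFileName($Image) -ne 'ConvertXtoDvd.exe') { return $false }
    if ([IO.Path]::GetFileName($ImageLoaded) -ne 'avcodec.dll') { return $false }
    # PowerShell string comparison is case-insensitive, which suits Windows paths.
    $loadedDir = [IO.Path]::GetDirectoryName($ImageLoaded).TrimEnd('\')
    return ($loadedDir -ne $ExpectedDirectory.TrimEnd('\'))
}

function Get-SuspiciousAvcodecLoads {
    param([int]$MaxEvents = 5000)
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 7 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Pull the EventData name/value pairs out of the event XML.
            $xml = [xml]$_.ToXml()
            $d = @{}
            foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
            if (Test-SuspiciousAvcodecLoad -Image $d['Image'] -ImageLoaded $d['ImageLoaded']) {
                [pscustomobject]@{
                    Time      = $_.TimeCreated
                    Process   = $d['Image']
                    Dll       = $d['ImageLoaded']
                    Signed    = $d['Signed']       # an unsigned avcodec.dll from an odd path is the key signal
                    Signature = $d['Signature']
                    Hashes    = $d['Hashes']       # keep for triage of the dropped file
                }
            }
        }
}

# Constructed sample records (not real telemetry) to exercise the rule offline.
$samples = @(
    @{ Image = 'C:\Program Files\VSO\ConvertXtoDvd\ConvertXtoDvd.exe'
       ImageLoaded = 'C:\Program Files\VSO\ConvertXtoDvd\avcodec.dll' },   # expected: False
    @{ Image = 'C:\Program Files\VSO\ConvertXtoDvd\ConvertXtoDvd.exe'
       ImageLoaded = 'C:\Users\Public\Downloads\avcodec.dll' }             # expected: True
)
foreach ($s in $samples) { '{0} -> {1}' -f $s.ImageLoaded, (Test-SuspiciousAvcodecLoad @s) }

# Live check against the local Sysmon log (returns nothing if Sysmon is absent).
Get-SuspiciousAvcodecLoads | Format-Table -AutoSize
```

Because the rule keys on the loader and library names rather than on a hash, it also surfaces a legitimate avcodec.dll that was moved or copied elsewhere; use the Signed and Hashes fields to separate those cases from a planted library before escalating.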

🔗 References
