Medium severity6.5NVD Advisory· Published Aug 7, 2025· Updated Jun 17, 2026
CVE-2024-42048
CVE-2024-42048
Description
OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. In combination with the application's behavior of loading DLLs from this location, this allows for DLL hijacking and may result in arbitrary code execution and privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =1.15.5
- Range: =1.15.5
Patches
Vulnerability mechanics
References
9- attack.mitre.org/techniques/T1574/001nvd
- docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryanvd
- docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexanvd
- docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-ordernvd
- landings.openorange.com/l/erp-peru-a.htmlnvd
- raw.githubusercontent.com/securityadvisories/Security-Advisories/refs/heads/main/Advisories/Blaze%20Information%20Security%20-%20DLL%20Hijacking%20in%20OpenOrange%20Business%20Framework%20Allows%20Arbitrary%20Code%20Execution%20and%20Potential%20Privilege%20Escalation.txtnvd
- resources.infosecinstitute.com/topic/dll-hijackingnvd
- support.microsoft.com/en-us/topic/secure-loading-of-libraries-to-prevent-dll-preloading-attacks-d41303ec-0748-9211-f317-2edc819682e1nvd
- www.openorange.comnvd
News mentions
0No linked articles in our index yet.