CVE-2022-47636

Name of the Vulnerable Software and Affected Versions OutSystems Service Studio version 11.53.30 build 61739

Description A DLL hijacking issue has been discovered. When a user opens a .oml file, the application loads DLLs from the same directory, including av libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged-in user.

Recommendations For OutSystems Service Studio version 11.53.30 build 61739, consider disabling the loading of DLLs from the same directory as a temporary workaround until a patch is available. Restrict access to the vulnerable DLLs to minimize the risk of exploitation. Avoid using the affected .oml file handling functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.