CVE-2025-1729

Name of the Vulnerable Software and Affected Versions TrackPoint Quick Menu versions (affected versions not specified)

Description A DLL hijacking issue exists in TrackPoint Quick Menu software. This issue could allow a local attacker to gain elevated privileges under specific conditions. The vulnerability involves the potential for loading a malicious DLL, specifically when the TPQMAssistant.exe attempts to load hostfxr.dll from its working directory, resulting in a 'NAME NOT FOUND' event. The scheduled task associated with the software runs daily at 9:30 AM in the context of the logged-in user, potentially allowing the malicious DLL to execute within an administrator's session. The vulnerability is related to insufficient protection of service data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.