Security: Windows Uninstaller DLL Hijack (CVE-2022-36415)


CVE-2022-36415 is a DLL hijacking vulnerability in the uninstaller for Beyond Compare 1.8a through 4.4.2 when installed with the EXE installer.

Beyond Compare's uninstaller attempts to load DLLs out of the Windows Temp folder.  If a standard user places malicious DLLs in the "C:\Windows\Temp\" folder, then the uninstaller is run as SYSTEM, the DLLs will execute with elevated privileges.


To remediate this issue, update to version 4.4.3 or newer.


Thank you to the Lockheed Martin Red Team for finding and reporting this issue.