Security: Windows Uninstaller DLL Hijack (CVE-2022-36415)
Vulnerability
CVE-2022-36415 is a DLL hijacking vulnerability in the uninstaller for Beyond Compare 1.8a through 4.4.2 when installed with the EXE installer.
Beyond Compare's uninstaller attempts to load DLLs out of the Windows Temp folder. If a standard user places malicious DLLs in the "C:\Windows\Temp\" folder and the uninstaller is then run as SYSTEM, the DLLs will execute with elevated privileges.
Remediation
To remediate this issue, update to version 4.4.3 or newer.
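The following PowerShell audit is an added example, not code from Scooter Software: it lists Beyond Compare installs older than 4.4.3 and any DLLs sitting in "C:\Windows\Temp\" with their owner and signature status, so they can be reviewed before an uninstaller is run as SYSTEM. The "Beyond Compare*" DisplayName filter and the use of the WindowsInstaller registry value to tell MSI from EXE installs are assumptions.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell prompt.
$FixedVersion = [version]'4.4.3'     # first fixed release named in the advisory
$TempDir      = 'C:\Windows\Temp'    # folder named in the advisory

# 1. Inventory installs from the standard Uninstall registry keys.
#    Assumption: the DisplayName value starts with "Beyond Compare".
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Beyond Compare*' } |
    ForEach-Object {
        # Keep only the leading dotted number so "1.8a"-style strings still parse.
        $parsed = $null
        if ("$($_.DisplayVersion)" -match '^\d+(\.\d+){1,3}') { $parsed = [version]$Matches[0] }
        # The advisory's lower bound (1.8a) is not checked; anything below 4.4.3 is flagged.
        $status = if (-not $parsed) {
            'Version unreadable, check manually'
        } elseif ($parsed -lt $FixedVersion) {
            'Older than 4.4.3, update'
        } else {
            'At or above 4.4.3'
        }
        # Assumption: MSI installs set WindowsInstaller = 1; the advisory covers EXE installs.
        $installer = if ($_.WindowsInstaller -eq 1) { 'MSI' } else { 'EXE (assumed)' }
        [pscustomobject]@{
            Name      = $_.DisplayName
            Version   = $_.DisplayVersion
            Installer = $installer
            Status    = $status
        }
    }

# 2. Review DLLs in the Temp folder: owner, Authenticode status and creation time.
Get-ChildItem -Path $TempDir -Filter '*.dll' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path       = $_.FullName
            Owner      = (Get-Acl -LiteralPath $_.FullName).Owner
            Signature  = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            CreatedUtc = $_.CreationTimeUtc
        }
    }
```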
Acknowledgements
Thank you to the Lockheed Martin Red Team for finding and reporting this issue.