Security: Windows Uninstaller DLL Hijack (CVE-2022-36415)

Vulnerability

CVE-2022-36415 is a DLL hijacking vulnerability in the uninstaller for Beyond Compare 1.8a through 4.4.2 when installed with the EXE installer.

Beyond Compare's uninstaller attempts to load DLLs out of the Windows Temp folder. If a standard user places malicious DLLs in the "C:\Windows\Temp\" folder, then the uninstaller is run as SYSTEM, the DLLs will execute with elevated privileges.

Remediation

To remediate this issue, update to version 4.4.3 or newer.

Acknowlegements

Thank you to the Lockheed Martin Red Team for finding and reporting this issue.

Log in

My Account

Security: Windows Uninstaller DLL Hijack (CVE-2022-36415)

Vulnerability

Remediation

Acknowlegements