CVE-2023-22818: Multiple DLL Search Order hijacking Vulnerabilities in SanDisk Security Installer for Windows
First published: Wed Nov 15 2023(Updated: )
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host.
Credit: psirt@wdc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Westerndigital Sandisk Security Installer | <1.0.0.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-22818?
CVE-2023-22818 refers to multiple DLL Search Order Hijack vulnerabilities in the SanDisk Security Installer for Windows.
How can an attacker exploit CVE-2023-22818?
An attacker with local access can execute arbitrary code by executing the installer in the same folder as a malicious DLL.
What is the severity of CVE-2023-22818?
CVE-2023-22818 has a severity of 7.3 (high).
Which software is affected by CVE-2023-22818?
The SanDisk Security Installer for Windows version 1.0.0.25 is affected by CVE-2023-22818.
Is there a fix available for CVE-2023-22818?
Yes, the fix for CVE-2023-22818 has been addressed in the SanDisk Security Installer for Windows.
- collector/nvd-api
- agent/weakness
- agent/type
- agent/title
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/westerndigital
- canonical/westerndigital sandisk security installer