CVE-2023-47113: DLL Search Order Hijacking vulnerability in BleachBit for Windows
First published: Wed Nov 08 2023(Updated: )
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| BleachBit | <=4.4.2 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE ID for this vulnerability?
CVE-2023-47113
What is the title of this vulnerability?
DLL Search Order Hijacking vulnerability in BleachBit for Windows
What is BleachBit?
BleachBit cleans files to free disk space and to maintain privacy.
Which version of BleachBit for Windows is affected?
BleachBit for Windows up to version 4.4.2 is affected.
How can an attacker exploit this vulnerability?
By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/bleachbit
- canonical/bleachbit
- version/bleachbit/4.4.2
- vendor/microsoft
- canonical/microsoft windows operating system