Multiple DLL Search Order Hijack vulnerabilities were...
High severity
Unreviewed
Published
Nov 15, 2023
to the GitHub Advisory Database
•
Updated Nov 23, 2023
Description
Published by the National Vulnerability Database
Nov 15, 2023
Published to the GitHub Advisory Database
Nov 15, 2023
Last updated
Nov 23, 2023
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for
Windows that could allow attackers with local access to execute arbitrary code by executing the installer
in the same folder as the malicious DLL. This can lead to the execution of arbitrary
code with the privileges of the vulnerable application or obtain a certain level of persistence
on the compromised host.
References