SanDisk Security Installer for Windows 1.0.0.25
WDC Tracking Number: WDC-23013
Published: November 22, 2023
Last Updated: November 22, 2023
Description
Version 1.0.0.25 of the SanDisk Security Installer for Windows addresses multiple DLL search order hijacking vulnerabilities. These could allow an attacker with local access to execute arbitrary code by running the installer from the same folder as a malicious DLL.
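A pre-run check for the condition described above, as an added example that is not Western Digital's code: it lists files beside an installer that carry a PE header with the DLL flag set, judged by header rather than by extension. The file names and helper functions are hypothetical, and the sample files are constructed header stubs.

```python
import struct
import tempfile
from pathlib import Path

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL


def is_pe_dll(path):
    """True if the file has a valid PE header with the DLL flag set."""
    try:
        with open(path, "rb") as f:
            dos = f.read(0x40)
            if len(dos) < 0x40 or dos[:2] != b"MZ":
                return False
            (pe_off,) = struct.unpack_from("<I", dos, 0x3C)  # e_lfanew
            f.seek(pe_off)
            coff = f.read(24)  # "PE\0\0" + 20-byte COFF file header
    except OSError:
        return False
    if len(coff) < 24 or coff[:4] != b"PE\0\0":
        return False
    (characteristics,) = struct.unpack_from("<H", coff, 22)
    return bool(characteristics & IMAGE_FILE_DLL)


def colocated_dlls(installer):
    """Names of PE DLLs in the installer's own folder, judged by header."""
    installer = Path(installer)
    return sorted(p.name for p in installer.parent.iterdir()
                  if p.is_file() and p != installer and is_pe_dll(p))


def _stub(characteristics):
    """Constructed sample: bare MZ/PE header bytes, not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0,
                                         characteristics)


def demo():
    """Build a constructed folder and report what sits beside the installer."""
    with tempfile.TemporaryDirectory() as d:
        installer = Path(d) / "installer.exe"           # hypothetical name
        installer.write_bytes(_stub(0x0002))            # EXE, no DLL flag
        (Path(d) / "planted.dll").write_bytes(_stub(0x2002))  # hypothetical
        (Path(d) / "notes.dll").write_bytes(b"plain text")    # not a PE file
        return colocated_dlls(installer)


if __name__ == "__main__":
    print(demo())
```

Any name returned by `colocated_dlls` is a file the installer's folder shares with it and deserves inspection before the installer is launched from there.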
Advisory Summary
Resolved multiple DLL Search Order Hijack vulnerabilities that could lead to the execution of arbitrary code with the privileges of the vulnerable application. This could also allow an attacker to obtain a certain level of persistence on the compromised host.
CVE Number: CVE-2023-22818
Western Digital would like to thank Alexander Huamán Jaimes for reporting this issue.