SanDisk Security Installer for Windows 1.0.0.25


WDC Tracking Number: WDC-23013
Published: November 22, 2023

Last Updated:  November 22, 2023

Description

The SanDisk Security Installer for Windows version 1.0.0.25 addressed multiple DLL Search Order hijacking vulnerabilities that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL.

Advisory Summary

Resolved multiple DLL Search Order Hijack vulnerabilities that could lead to the execution of arbitrary code with the privileges of the vulnerable application. This could also allow an attacker to obtain a certain level of persistence on the compromised host.

CVE Number: CVE-2023-22818

Western Digital would like to thank Alexander Huamán Jaimes for reporting this issue.