Security: Windows Uninstaller DLL Hijack (CVE-2022-36415)

Issue Date: 2022-07-20
Affected Versions: 1.8a - 4.4.2

Vulnerability

CVE-2022-36415 is a DLL hijacking vulnerability in the uninstaller for Beyond Compare 1.8a through 4.4.2 when installed with the EXE installer.

Beyond Compare's uninstaller attempts to load DLLs from the Windows Temp folder (C:\Windows\Temp\), a location that standard (non-administrator) users can write to by default. A standard user can therefore place malicious DLLs in that folder ahead of time; when the uninstaller is later run as SYSTEM (for example, by an administrator or a software deployment tool), those DLLs are loaded and execute with SYSTEM privileges, giving the local user a privilege escalation.
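The following PowerShell script is an added example for administrators auditing a host; it is not Scooter Software's code and is not part of the original advisory. It assumes Beyond Compare registers itself under the standard Windows Uninstall registry keys with a DisplayName beginning "Beyond Compare", and that the uninstaller's search location is C:\Windows\Temp as described above. It reports whether the installed version is within the affected range (anything below 4.4.3), which accounts hold write rights on the Temp folder, and any DLLs already present there. Run it from an elevated session so the registry and ACL reads succeed.

```powershell
# Added example (not Scooter Software's code): audit a host for CVE-2022-36415 exposure.
# Assumptions: Beyond Compare appears under the standard Uninstall keys with a DisplayName
# beginning "Beyond Compare"; the uninstaller loads DLLs from %SystemRoot%\Temp per the advisory.

$FixedVersion = [version]'4.4.3'
$TempDir      = Join-Path $env:SystemRoot 'Temp'

function Get-BeyondCompareInstall {
    # Check both the native and WOW6432Node hives so 32-bit installs on 64-bit Windows are found.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Beyond Compare*' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

function Test-VulnerableVersion([string]$DisplayVersion) {
    # Strip letter suffixes such as the "a" in "1.8a" so [version] can parse the number.
    $numeric = $DisplayVersion -replace '[^0-9.].*$', ''
    $v = $null
    if (-not [version]::TryParse($numeric, [ref]$v)) {
        return $true   # unparseable version string: treat as affected rather than silently pass
    }
    return $v -lt $FixedVersion
}

function Get-TempWriters {
    # Accounts granted create/write rights on the folder. By default C:\Windows\Temp lets
    # standard users create files, which is what makes the DLL planting possible.
    # The -match is a heuristic over the enum's string form; review the full ACL if in doubt.
    $acl = Get-Acl -Path $TempDir
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights.ToString() -match 'Write\b|CreateFiles|Modify|FullControl')
    } | Select-Object IdentityReference, FileSystemRights, InheritanceFlags
}

foreach ($bc in Get-BeyondCompareInstall) {
    $state = if (Test-VulnerableVersion $bc.DisplayVersion) { 'AFFECTED - update to 4.4.3 or newer' } else { 'fixed' }
    Write-Host ("{0} {1}: {2}" -f $bc.DisplayName, $bc.DisplayVersion, $state)
    Write-Host ("  uninstaller: {0}" -f $bc.UninstallString)
}

Write-Host "`nAccounts that can write to $TempDir :"
Get-TempWriters | Format-Table -AutoSize

# Any DLL already sitting in the Temp folder deserves a look before an uninstaller is run as SYSTEM.
$dlls = Get-ChildItem -Path $TempDir -Filter '*.dll' -File -ErrorAction SilentlyContinue
if ($dlls) {
    Write-Host "`nDLLs present in $TempDir :"
    $dlls |
        Select-Object Name, Length, LastWriteTime, @{ n = 'Owner'; e = { (Get-Acl $_.FullName).Owner } } |
        Format-Table -AutoSize
} else {
    Write-Host "`nNo DLLs present in $TempDir."
}
```

The owner column on any DLL found is the quickest triage signal: a DLL owned by a non-administrative account in C:\Windows\Temp on a host where an affected Beyond Compare version is installed is exactly the precondition the advisory describes, and should be investigated before the uninstaller is run.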

Remediation

To remediate this issue, update to version 4.4.3 or newer.

Acknowledgements

Thank you to the Lockheed Martin Red Team for finding and reporting this issue.

References

Mitre CVE Database: CVE-2022-36415

Copyright © 2022 Scooter Software, Inc.