Security: Windows Installer Elevation of Privilege Breakout (CVE-2022-36414)

Vulnerability

CVE-2022-36414 is an elevation of privilege breakout vulnerability in the Windows EXE installer for Beyond Compare 4.2.0 through 4.4.2.

When the installer is run as SYSTEM, the Clipboard Compare tray app runs elevated after installation.  A standard user can launch Beyond Compare from the tray app as SYSTEM, then launch a command prompt from Beyond Compare as SYSTEM.

The Clipboard Compare only runs as SYSTEM in the login session that is active during installation.  For future logins, the Clipboard Compare runs as the logged in user.

Remediation

To remediate this issue, update the EXE installer to version 4.4.3 or newer and use the /SILENT or /VERYSILENT command line switches during installation.  This prevents the Clipboard Compare tray app from launching after installation.

Acknowlegements

Thank you to the Lockheed Martin Red Team for finding and reporting this issue.