漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Multiple DLL Search Order hijacking Vulnerabilities in SanDisk Security Installer for Windows
Vulnerability Description
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
SanDisk Security Installer 安全漏洞
Vulnerability Description
Western Digital SanDisk Security Installer是美国西部数据(Western Digital)公司的一个安全安装程序。 SanDisk Security Installer存在安全漏洞,该漏洞源于存在多个DLL搜索顺序劫持漏洞,可能允许具有本地访问权限的攻击者通过执行安装程序来执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A