An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Qualys

Published: 2023-04-18T15:47:37.719Z

Updated: 2024-08-02T12:30:24.237Z

Reserved: 2023-03-10T21:23:28.796Z

Link: CVE-2023-28140

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-18T16:15:09.003

Modified: 2024-11-21T07:54:28.540

Link: CVE-2023-28140

cve-icon Redhat

No data.