CVE-2023-47113

DLL Search Order Hijacking vulnerability in BleachBit for Windows

Time Line
Published: 2024-03-19
Updated: 2024-03-19
First exploit: 2024-03-19
Overview
Descriptions (2)
NVD, NVD
CWE (1)
CWE-427: Uncontrolled Search Path Element
CAPEC (-)
Risk
CVSS Score: 7.3 High
SSVC: Track*
KEV: -
EPSS: 0.0%
Affected Products (-)
Vendors (2)
bleachbit, microsoft
Products (2)
bleachbit, windows
Versions (1)
<= 4.4.2
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (1)
General (-)
Exploits & POcs (-)
Patches (-)
Advisories (1)
github
Summary
Descriptions

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to DLL hijacking. By placing a DLL in the folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.

*Credits: N/A
CVSS Scores
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Local
Attack Complexity: Low
Authentication: Single
Confidentiality: Complete
Integrity: Complete
Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2023-10-30 CVE Reserved
  • 2023-11-08 CVE Published
  • 2023-11-09 EPSS Updated
  • 2024-09-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-427: Uncontrolled Search Path Element
CAPEC
Threat Intelligence Resources (0)

Affected Vendors, Products, and Versions
Vendor        Product    Version   Other  Status
Bleachbit     Bleachbit  <= 4.4.2  -      Affected
in Microsoft  Windows    --               Safe