Zanganox

**Name of the Vulnerable Software and Affected Versions** 4D versions 19 R8 100218 **Description** An uncontrolled search path element vulnerability has been found in 4D and 4D server Windows executables applications. This vulnerability consists of a DLL hijacking by replacing x64 `shfolder.dll` in the installation path, causing an arbitrary code execution. **Recommendations** For version 19 R8 100218, consider restricting access to the `shfolder.dll` file in the installation path to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable 4D and 4D server Windows executables applications until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.