CVE-2023-28140

Name of the Vulnerable Software and Affected Versions Qualys Cloud Agent for Windows versions prior to 4.5.3.1

Description An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This issue is bounded only to the time of uninstallation and can only be exploited locally.

Recommendations For versions prior to 4.5.3.1, update to version 4.5.3.1 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.