Alexander Huamán Jaimes

**Name of the Vulnerable Software and Affected Versions** Duet Display version 2.5.9.1 **Description** An uncontrolled search path element issue has been found in the Duet Display product. This could allow an attacker to place an arbitrary `libusk.dll` file in the `C:UsersuserAppDataLocalMicrosoftWindowsApps` directory, potentially leading to the execution and persistence of arbitrary code. **Recommendations** For version 2.5.9.1, consider removing or restricting access to the `libusk.dll` file in the vulnerable directory until a patch is available. As a temporary workaround, restrict write access to the `C:UsersuserAppDataLocalMicrosoftWindowsApps` directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SanDisk Security Installer for Windows (affected versions not specified) **Description** The issue concerns a DLL Search Order Hijack that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host. Additionally, it is mentioned that exploitation of the vulnerability may allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.