Alexander Huaman Jaimes

**Name of the Vulnerable Software and Affected Versions** SanDisk PrivateAccess (affected versions not specified) **Description** A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows could lead to arbitrary code execution in the context of the system user. This issue is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. The attack is limited to the system in context and cannot be propagated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Plesk Installer version 3.27.0.0 **Description** The issue allows a local attacker to execute arbitrary code by injecting DLL files into the same folder where the application is installed. This results in DLL hijacking in files such as `edputil.dll`, `samlib.dll`, `urlmon.dll`, `sspicli.dll`, `propsys.dll`, and `profapi.dll`. **Recommendations** For Plesk Installer version 3.27.0.0, consider restricting access to the installation folder to prevent DLL injection until a patch is available. As a temporary workaround, avoid using the vulnerable DLL files `edputil.dll`, `samlib.dll`, `urlmon.dll`, `sspicli.dll`, `propsys.dll`, and `profapi.dll` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 4D versions 19 R8 100218 **Description** An uncontrolled search path element vulnerability has been found in 4D and 4D server Windows executables applications. This vulnerability consists of a DLL hijacking by replacing x64 `shfolder.dll` in the installation path, causing an arbitrary code execution. **Recommendations** For version 19 R8 100218, consider restricting access to the `shfolder.dll` file in the installation path to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable 4D and 4D server Windows executables applications until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.