Eli Paz

Name of the Vulnerable Software and Affected Versions: Bosch Video Client versions up to and including 1.7.6.079 Description: The issue allows an attacker to execute arbitrary code on a victim's system by loading a DLL through an uncontrolled search path element in the Bosch Video Client installer. This can happen if the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. Recommendations: For Bosch Video Client versions up to and including 1.7.6.079, consider removing any untrusted DLLs from the directory where the installer is run to prevent potential exploitation. As a temporary workaround, restrict the execution of the installer to trusted directories only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Western Digital WesternDigitalSSDDashboardSetup.exe versions prior to 3.0.2.0 **Description** The issue allows DLL Hijacking, which can be exploited due to a flaw in the Western Digital WesternDigitalSSDDashboardSetup.exe. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 3.0.2.0, update to version 3.0.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the loading of external DLLs by the WesternDigitalSSDDashboardSetup.exe until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** CatalystProductionSuite.2019.1.exe version 1.1.0.21 CatalystBrowseSuite.2019.1.exe version 1.1.0.21 **Description** The issue is related to DLL Hijacking, where the installers attempt to load non-existent DLLs from their current directory, allowing a malicious user to escalate privileges. **Recommendations** For CatalystProductionSuite.2019.1.exe version 1.1.0.21, consider restricting the installer's ability to load DLLs from its current directory until a patch is available. For CatalystBrowseSuite.2019.1.exe version 1.1.0.21, consider restricting the installer's ability to load DLLs from its current directory until a patch is available.