CVE-2021-42923

Name of the Vulnerable Software and Affected Versions ShowMyPC version 3606

Description The issue is related to a DLL hijack vulnerability. An attacker can exploit this by overwriting the file %temp%ShowMyPC-ShowMyPC3606wodVPN.dll with malicious code, which will then run with normal user privileges, unless ShowMyPC is run as administrator.

Recommendations For ShowMyPC version 3606, consider restricting access to the %temp%ShowMyPC-ShowMyPC3606 directory to prevent overwrite of the wodVPN.dll file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.