PT-2022-5833 · Unknown · Content Transfer

Tomohisa Hasegawa · Published 2022-10-11 · Updated 2023-08-08 · CVE-2022-41796

CVSS v3.1

7.8 High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Content Transfer (for Windows) versions 1.3 and prior

Description

The issue is related to an untrusted search path vulnerability in the installer. This could allow an attacker to elevate privileges by using a specially crafted DLL. The vulnerability can be exploited via a Trojan horse DLL in an unspecified directory.

Recommendations

For versions 1.3 and prior, consider restricting access to the installer until a patch is available. As a temporary workaround, avoid using the installer in environments where untrusted DLLs could be loaded, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Untrusted Search Path
Uncontrolled Search Path Element

Related Identifiers

BDU:2022-07245
CVE-2022-41796

Affected Products

Content Transfer