CVE-2023-4770

Name of the Vulnerable Software and Affected Versions 4D versions 19 R8 100218

Description An uncontrolled search path element vulnerability has been found in 4D and 4D server Windows executables applications. This vulnerability consists of a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.

Recommendations For version 19 R8 100218, consider restricting access to the shfolder.dll file in the installation path to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable 4D and 4D server Windows executables applications until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.