PT-2024-13055 · Microsoft · Process Explorer

Or Yair · Published 2024-05-07 · Updated 2024-07-03 · CVE-2023-42757

CVSS v3.1: 4.2 (Medium)

Vector: AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Process Explorer versions prior to 17.04

Description

The issue allows attackers to make Process Explorer functionally unavailable, resulting in a denial of service for analysis. This can be achieved by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. The problem stems from an issue in wcscat_s error handling.

Recommendations

For versions prior to 17.04, update to version 17.04 or later to resolve the issue. As a temporary workaround, consider avoiding the use of NtCreateUserProcess with renamed executable files until a patch is applied. Restrict access to renaming executable files to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2023-42757

Affected Products

Process Explorer