Vulnerability Details CVE-2022-23748
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.222
EPSS Ranking 95.5%
CVSS Severity
CVSS v3 Score 7.8
Proposed Action
Dante Discovery contains a process control vulnerability in mDNSResponder.exe that all allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code.
Ransomware Campaign
Unknown
References
- https://cpr-zero.checkpoint.com/vulns/cprid-2193/%2C
- https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748
- https://cpr-zero.checkpoint.com/vulns/cprid-2193/%2C
- https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748
Products affected by CVE-2022-23748
-
cpe:2.3:a:audinate:dante_application_library:*
-
cpe:2.3:o:microsoft:windows:-