QID 376939

Date Published: 2022-08-30

QID 376939: Beyond Compare DLL Hijacking Vulnerability

Beyond Compare is a multi-platform utility that combines directory compare and file compare functions in one package.

CVE-2022-36415 is a DLL hijacking vulnerability in the uninstaller for Beyond Compare 1.8a through 4.4.2 when installed with the EXE installer.

Affected Versions:
Version 1.8a through 4.4.2

QID Detection Logic(Authenticated):
It checks for vulnerable version of Beyond Compare running on the target.

Successful exploitation of this vulnerability may allow an unauthenticated remote attacker to execute arbitrary code on the target system.

  • CVSS V3 rated as High - 7.8 severity.
  • CVSS V2 rated as High - 7.5 severity.
  • Solution
    For more information please visit kb_security_2022-02 for remediation of this vulnerability.

    Vendor References

    CVEs related to QID 376939

    Software Advisories
    Advisory ID Software Component Link
    kb_security_2022-02 URL Logo www.scootersoftware.com/support.php?zz=kb_security_2022-02