mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAudinate Dante Application Library
APPAudinate≤ 1.2.0Microsoft Windows
OSMicrosoftwszystkie wersje
CISA KEV — detailsi
- Vendori
- Audinate
- Producti
- Dante Discovery
- Added to KEVi
- February 6, 2025
- Remediation deadline (US Federal)i
- February 27, 2025(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Dante Discovery contains a process control vulnerability in mDNSResponder.exe that all allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code.
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit