VYPR
← All advisories
Medium severity4.2NVD Advisory· Published May 7, 2024· Updated Apr 15, 2026

CVE-2023-42757

CVE-2023-42757

Description

Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur through an issue in wcscat_s error handling.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Process Explorer before 17.04 is vulnerable to denial of service via a crafted 255-character extensionless filename, exploiting improper wcscat_s error handling.

Vulnerability

Overview

CVE-2023-42757 affects Process Explorer versions prior to 17.04. The vulnerability stems from improper error handling in the wcscat_s function when the tool attempts to process an executable file that has been renamed to a 255-character name without an extension. This specific filename length and format triggers a failure in string concatenation, leading to a crash or hang of the application [1][2].

Exploitation

Prerequisites

An attacker must be able to rename an executable to a 255-character extensionless name and launch it using the NtCreateUserProcess system call. No elevated privileges are required; the attack can be performed by any user who can execute processes on the system. Once the malicious process is started, Process Explorer becomes functionally unavailable for analysis, effectively denying service to security analysts [2].

Impact

Successful exploitation results in a denial of service condition for Process Explorer, a widely used tool for system monitoring and malware analysis. This can hinder incident response efforts by preventing analysts from inspecting running processes, potentially allowing malicious activity to go undetected [1][2].

Mitigation

The vulnerability is fixed in Process Explorer version 17.04 and later. Users are advised to update to the latest version. No workarounds are available; updating is the only reliable mitigation [2].

References
  1. MagicDot: A Hacker's Magic Show | SafeBreach
  2. GitHub - SafeBreach-Labs/MagicDot: A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.