Uncontrolled Search Path Element Vulnerability in 4D and 4D Windows Server
Description
An uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executables, affecting version 19 R8 100218. The vulnerability consists of a DLL hijacking: replacing x64\shfolder.dll in the installation path leads to arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A DLL hijacking vulnerability in 4D and 4D Server Windows executables (version 19 R8 100218) allows arbitrary code execution via replacement of shfolder.dll.
Vulnerability
An uncontrolled search path element vulnerability exists in the Windows executables 4D.exe and 4D Server.exe version 19 R8 100218 [1]. The vulnerability is a DLL hijacking issue: the executables load x64\shfolder.dll from a path relative to their installation directory, and nothing verifies that the file is the one the vendor shipped. An attacker who can write to that location can replace the DLL with a malicious one, and the code in it runs whenever the application starts [1].
Exploitation
To exploit this vulnerability, an attacker must have write access to the installation directory of 4D or 4D Server, which typically requires high privileges (e.g., administrator rights) [1]. The attacker replaces the legitimate x64\shfolder.dll with a malicious DLL. Subsequently, when a user (or the system, for instance a service start) launches the affected executable, the application loads the malicious DLL, leading to arbitrary code execution. The CVSS vector indicates that user interaction is required (UI:R), meaning the attacker may need to wait for, or trick, a user into running the application after the DLL replacement [1].
Impact
Successful exploitation allows arbitrary code execution in the context of the affected application, i.e. with the privileges of whichever account launched it [1]. If 4D Server runs as a Windows service or is started by an administrator, the planted DLL runs with that account's privileges, which can amount to full control of the host and complete compromise of confidentiality, integrity, and availability (CIA). The CVSS base score is 6.5 (Medium) [1].
Mitigation
As of the publication date, no official fix or workaround has been reported [1]. Users are advised to restrict write access to the installation directory (including the x64 subdirectory and shfolder.dll itself) to trusted administrators only, and to monitor those paths for unauthorized file modifications, for example by baselining the DLL's hash and Authenticode signature. The vendor may release a patched version in the future; until then, the vulnerability remains unmitigated [1].
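The following PowerShell script is an added example for the Exploitation and Mitigation sections above; it is not code from 4D or from the cited reference. It audits a 4D or 4D Server installation for the two preconditions of the hijack: an installation path that a low-privileged principal can write to, and an x64\shfolder.dll that is not what the vendor shipped. The installation path and the expected code signer are assumptions (the Microsoft signer is assumed because shfolder.dll is a Microsoft redistributable); adjust both to your deployment.

```powershell
# Added example, not 4D's own code. Audits a 4D / 4D Server install for the
# preconditions of the x64\shfolder.dll hijack: writable install path and a
# DLL that is not the vendor-shipped one. $InstallDir and $ExpectedSigner
# are assumptions; change them to match the host being audited.
[CmdletBinding()]
param(
    [string]$InstallDir     = 'C:\Program Files\4D\4D Server',   # assumed path
    [string]$ExpectedSigner = 'CN=Microsoft'                    # assumed signer
)

# Principals a local attacker controls without administrator rights.
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights on the directory or the file is enough to plant or
# replace a DLL, even without FullControl.
$PlantMask = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-LowPrivWriteAces {
    # Returns the Allow ACEs on $Path that give a low-privileged principal
    # some write-capable right.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $LowPrivPrincipals -contains $_.IdentityReference.Value -and
        (([int]$_.FileSystemRights) -band ([int]$PlantMask)) -ne 0
    }
}

$dll      = Join-Path $InstallDir 'x64\shfolder.dll'
$findings = @()

# Check the install dir, the x64 subdir and the DLL itself: write on any of
# them lets an attacker substitute the file.
foreach ($p in @($InstallDir, (Join-Path $InstallDir 'x64'), $dll)) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    foreach ($ace in Get-LowPrivWriteAces -Path $p) {
        $findings += "WRITABLE: $p grants '$($ace.FileSystemRights)' to $($ace.IdentityReference)"
    }
}

if (Test-Path -LiteralPath $dll) {
    $sig = Get-AuthenticodeSignature -FilePath $dll
    if ($sig.Status -ne 'Valid') {
        $findings += "SIGNATURE: $dll is $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
        $findings += "SIGNER: $dll is signed by '$($sig.SignerCertificate.Subject)', expected '$ExpectedSigner'"
    }
    # Record the hash so later runs can detect a swap even for a signed binary.
    $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    Write-Output "BASELINE SHA256 $hash $dll"
} else {
    $findings += "MISSING: $dll not found; verify the install path"
}

if ($findings.Count -eq 0) {
    Write-Output "OK: no low-privileged write access and the DLL signature matches"
} else {
    $findings | ForEach-Object { Write-Output $_ }
    exit 1
}
```

Run it from an elevated prompt on the 4D host. Any WRITABLE line means the precondition for the hijack is met by a non-administrator and the offending ACE should be removed (for example with `icacls <path> /remove:g <principal>`), then the script re-run. If the vendor's copy of shfolder.dll turns out to be unsigned, the signer check is not meaningful; compare the BASELINE hash against one captured from a freshly installed, trusted copy instead, and alert on any change.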
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- 4D/4D.exe, affected range: 19 R8 100218
- 4D/4D Server.exe, affected range: 19 R8 100218
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE. Mechanics are only generated when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.