CVE-2023-47113: High Severity Vulnerability in BleachBit for Windows

BleachBit is a widely used free and open-source disk space cleaner, privacy manager, and computer system optimizer available for Windows, Linux, and macOS. However, a recent security vulnerability has been discovered in BleachBit for Windows versions up to 4.4.2. This vulnerability, known as CVE-2023-47113 (CVSS score of 7.3), exposes users to the risk of DLL Search Order Hijacking attacks.

CVE-2023-47113

DLL Search Order Hijacking is a type of attack that exploits the way Windows searches for and loads Dynamic-Link Libraries (DLLs). When Windows executes an application, it looks for the required DLLs in specific directories. If a malicious DLL with the same name as a legitimate DLL is placed in a directory with higher priority in the search order, Windows will load the malicious DLL instead of the legitimate one. This allows attackers to execute arbitrary code on the affected system.

The DLL Search Order Hijacking vulnerability in BleachBit for Windows poses significant security risks. By placing a malicious DLL in the c:\DLLs folder, an attacker can execute arbitrary code whenever BleachBit is executed. This attack can lead to various consequences, including:

  • Privilege Escalation: If BleachBit is executed with elevated privileges, the attacker can gain elevated privileges, allowing them to perform unauthorized actions on the system.

  • Persistence: The attacker can use the vulnerability to establish persistence on the system, meaning the malicious code will continue to execute even after the system is restarted.

  • Evasion: The attacker can use BleachBit as a means to evade detection by hiding their malicious code within a trusted application.

  • Spreading: If the system is used by multiple users, the malicious DLL can be used to target other users on the same network.

To mitigate the risks associated with the CVE-2023-47113 vulnerability, users should implement the following workarounds:

  • Create a Restricted c:\DLLs Directory: As an administrator, create the c:\DLLs directory and set permissions that prevent regular users from creating files in this directory. This will prevent the attacker from placing the malicious DLL in the required location.

  • Upgrade to BleachBit 4.6.0 (final): BleachBit version 4.6.0 includes a workaround that detects and prevents DLL hijacking attacks. Users should upgrade to this version as soon as possible.

  • Upgrade to BleachBit 4.4.2.2467 (alpha): BleachBit version 4.4.2.2467 includes a proper fix for the vulnerability. This version is based on Python 3.10, which addresses the underlying issue. However, it is important to note that this version is still in alpha testing and may contain bugs.