Audinate Response to Dante Discovery (mDNSResponder.exe) Security Issue (CVE-2022-23748)
Affected Products / Versions: Third-party products that utilise Dante Application Library for Windows v1.2.0 and earlier
Publication Date: 7 December 2022
Summary:
A security vulnerability (CVE-2022-23748) in mDNSResponder.exe contained in Dante Application Library for Windows v1.2.0 and earlier has been published.
This vulnerability only affects products that utilise Dante Application Library for Windows and does not affect any other Dante hardware or software products that include mDNSResponder.exe.
Details:
mDNSResponder.exe v1.3.1 and earlier is vulnerable to a DLL side-loading attack. This executable is a component built specifically for Dante Application Library for Windows v1.2.0 and earlier.
This could allow a local attacker with access to the PC running Dante Application Library to execute arbitrary code. It is not possible to remotely exploit this vulnerability.
Remediation:
An updated mDNSResponder.exe v1.3.2 has been released to all affected third parties as part of Dante Application Library for Windows v1.2.1, and as a standalone security patch for Dante Application Library for Windows v1.2.0 and earlier.
If you believe you are running software that utilises Dante Application Library for Windows, please contact the third-party vendor for a software update.
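To locate candidate copies before contacting vendors, the following PowerShell inventory can be used; it is an added example, not part of Audinate's advisory or tooling. It assumes the advisory's version numbers match the executable's file version resource and that third-party products install under the default search roots shown, and it also reports whether the containing directory lets non-administrative users create files, a common precondition for DLL side-loading (CAPEC-641).

```powershell
# Added example: inventory mDNSResponder.exe copies, flag versions below 1.3.2,
# and report whether standard users can create files next to the executable.
# Assumptions: search roots below; advisory version == file version resource.
param(
    [string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData)
)

$fixed = [version]'1.3.2.0'   # first fixed version named in the advisory
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
$broadSids   = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles

$findings = foreach ($root in $Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) }) {
    Get-ChildItem -Path $root -Filter 'mDNSResponder.exe' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $vi   = $file.VersionInfo
        # Build a comparable version from the numeric parts, not the display string.
        # A file with no version resource yields 0.0.0.0 and is flagged for review.
        $ver  = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                               $vi.FileBuildPart, $vi.FilePrivatePart)

        # Resolve ACL entries to SIDs so the check is independent of OS language.
        $rules = (Get-Acl -LiteralPath $file.DirectoryName).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        $userWritable = $rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights -band $createFiles) -ne 0)
        }

        [pscustomobject]@{
            Path               = $file.FullName
            FileVersion        = $ver
            BelowFixed         = $ver -lt $fixed
            DirWritableByUsers = [bool]$userWritable
            Signer             = (Get-AuthenticodeSignature -LiteralPath $file.FullName).SignerCertificate.Subject
        }
    }
}

$findings | Sort-Object BelowFixed -Descending | Format-Table -AutoSize -Wrap
```

A row with `BelowFixed` set is only a candidate: other products ship their own mDNSResponder.exe builds that the advisory states are not affected, so use the path and signer to identify the owning product and confirm with its vendor.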
References:
CVE-2022-23748 – https://nvd.nist.gov/vuln/detail/CVE-2022-23748
CAPEC-641 – https://capec.mitre.org/data/definitions/641.html