vuln disclosure
OpenEDR Vulnerabilities Allow Malicious DLL Injection via DriverOpenEDR DLL Hijacking and Unsigned DLL Loading
Two vulnerabilities were discovered in OpenEDR's DLL injector module: the driver does not verify the signature of the DLL it injects, and it searches for the DLL in an unprotected path (System32) before the protected installation path. An attacker with administrator privileges can replace the legitimate DLL with a malicious one, causing the EDR driver to inject malicious code into every monitored process, compromising system confidentiality and integrity.