CVE-2023-51711: n/a in n/a
An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 that allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.
AI Analysis
Technical Summary
CVE-2023-51711 is a high-severity vulnerability identified in Regify Regipay Client for Windows version 4.5.1.0. The vulnerability is a DLL hijacking issue (CWE-427), which allows an attacker to execute arbitrary code with the privileges of the user running the application. DLL hijacking occurs when an application improperly searches for and loads dynamic link libraries (DLLs) from untrusted or user-controllable locations. In this case, the Regipay Client does not securely validate the source of DLLs it loads, enabling an attacker to place a malicious DLL in a location from which the application will load it upon execution. This results in the execution of arbitrary code every time the product runs. The CVSS v3.1 base score is 7.8, indicating a high severity level. The vector string (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) shows that the attack requires local access (AV:L), has low attack complexity (AC:L), and needs no privileges (PR:N), but does require user interaction (UI:R). The impact on confidentiality, integrity, and availability is high, as arbitrary code execution can lead to full system compromise, data theft, or disruption of services. No known public exploits are reported yet, and no patches or vendor advisories are currently linked. The vulnerability was published on January 24, 2024, and reserved on December 22, 2023.
Potential Impact
For European organizations using Regify Regipay Client 4.5.1.0 on Windows, this vulnerability poses a significant risk. Successful exploitation could allow attackers to execute arbitrary code locally, potentially leading to data breaches, unauthorized access to sensitive financial transactions, or disruption of payment processing workflows. Given that Regify Regipay is used for secure payment communications, compromise could undermine trust and compliance with financial regulations such as GDPR and PSD2. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, especially in environments where users might be tricked into executing the application with malicious DLLs present (e.g., via phishing or social engineering). The high impact on confidentiality, integrity, and availability means that critical financial data and systems could be compromised, resulting in financial loss, reputational damage, and regulatory penalties.
Mitigation Recommendations
European organizations should immediately audit their environments to identify installations of Regify Regipay Client version 4.5.1.0. Until an official patch is released, mitigations include:
1) Restricting write permissions on directories where the Regipay Client loads DLLs to prevent unauthorized DLL placement.
2) Running the application with the least privilege necessary to limit the impact of code execution.
3) Educating users to avoid running the application from untrusted locations or opening suspicious files that could trigger DLL hijacking.
4) Employing application whitelisting and endpoint protection solutions that detect or block unauthorized DLL loads.
5) Monitoring systems for unusual DLL loads or process behaviors related to Regipay Client.
6) Engaging with the vendor or support channels to obtain patches or official guidance as soon as available.
7) Considering temporary alternative payment solutions if risk is unacceptable.
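One way to check mitigation 1 across a fleet is to collect `icacls <directory>` output from each endpoint and flag any non-administrative principal that can create or replace files there. The following is an added example, not code from the vendor or from this advisory; the directory `C:\Apps\ExampleClient`, the sample output and the trusted-principal list are assumptions, since the advisory does not name the product's install path.

```python
import re

# Principals expected to hold write access (an assumed baseline). CREATOR OWNER
# only takes effect for accounts already allowed to create objects.
TRUSTED = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators",
           "NT SERVICE\\TrustedInstaller", "CREATOR OWNER"}
# icacls codes that allow creating or replacing a file: F full, M modify,
# W write, WD add file, AD add subdirectory, GW generic write, GA generic all.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GW", "GA"}
ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")


def writable_by_untrusted(icacls_output, directory):
    """Return sorted (principal, rights) pairs able to plant a DLL in `directory`."""
    findings = set()
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.startswith(directory):  # first ACE shares a line with the path
            line = line[len(directory):].strip()
        match = ACE.match(line)
        if not match:
            continue  # blank line or the "Successfully processed" summary
        groups = re.findall(r"\(([^)]*)\)", match.group("groups"))
        if "DENY" in groups or "N" in groups:
            continue  # deny / no-access entries grant nothing
        rights = set(groups[-1].split(","))  # last group holds the rights
        hit = rights & WRITE_RIGHTS
        if hit and match.group("who") not in TRUSTED:
            findings.add((match.group("who"), ",".join(sorted(hit))))
    return sorted(findings)


# Constructed sample: icacls output for a hypothetical directory (not the
# product's real install path, which the advisory does not give).
SAMPLE_DIR = r"C:\Apps\ExampleClient"
SAMPLE = r"""C:\Apps\ExampleClient BUILTIN\Administrators:(OI)(CI)(F)
                      NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                      BUILTIN\Users:(OI)(CI)(RX)
                      NT AUTHORITY\Authenticated Users:(I)(M)
                      BUILTIN\Users:(CI)(WD,AD)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in writable_by_untrusted(SAMPLE, SAMPLE_DIR):
        print(f"{SAMPLE_DIR}: {who} holds write-capable rights ({rights})")
```

Inherit-only entries are reported as well, because a write grant that applies only to child objects still lets the principal replace DLLs already in the directory.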
Affected Countries
Germany, France, United Kingdom, Netherlands, Switzerland, Belgium, Luxembourg
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2023-12-22T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6839c098182aa0cae2b3b6e8
Added to database: 5/30/2025, 2:28:40 PM
Last enriched: 7/8/2025, 3:59:48 PM
Last updated: 8/7/2025, 7:39:25 AM