Mend.io Vulnerability Database
WS-2022-0413
Published:May 15, 2026
Updated:May 15, 2026
Impact
A vulnerability exists in the DSInternals.Common.Data.RoamedCredential.Save() method, which incorrectly parses the values of the msPKIAccountCredentials LDAP attribute. As a consequence, a malicious actor would be able to modify the file system of the computer on which an application using this method is executed with administrative privileges. A similar security issue (CVE-2022-30170, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30170) used to be present in the Windows operating system, as DSInternals re-implements the Credential Roaming feature of Windows.

Exploitability
The vulnerability can be exploited only when all of the following conditions hold:
- An attacker is able to modify the msPKIAccountCredentials attribute of a user account in Active Directory. This attribute is used by the Credential Roaming feature of Windows, and each AD user can modify their own roamed credentials.
- A third-party application uses the DSInternals.Common library to export roamed credentials from Active Directory to a file system.
- The application has administrative privileges on the local system.
The probability of any third-party product using the DSInternals.Common library being affected by this vulnerability is extremely low.

Patches
The issue has been fixed in DSInternals 4.8.

References
https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming
CVSS v4
Base Score: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: LOW
User Interaction: NONE
Vulnerable System Confidentiality: LOW
Vulnerable System Integrity: LOW
Vulnerable System Availability: LOW
Subsequent System Confidentiality: NONE
Subsequent System Integrity: NONE
Subsequent System Availability: NONE
CVSS v3
Base Score: 6.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: LOW
Availability: LOW