rejetto forum

Unsafe DLL loading vulnerable in version 2.3k

yeyint · 6 · 4312

0 Members and 1 Guest are viewing this topic.

Offline yeyint

  • Occasional poster
  • *
    • Posts: 1
    • View Profile
The HSF Server application passes an insufficiently qualified path in loading an external library when a user launch the application.

Affected Library List
---------------------
# dwmapi.dll
# WindowsCodecs.dll
# apphelp.dll
# RICHED32.dll
# wsock32.dll
# DNSAPI.dll
# IPHLPAPI.dll
# rasadh1p.dll

Please find the following for demo. I rename the malicious dll file (which is execute calculator) as apphelp.dll in this demo.

https://www.youtube.com/watch?v=VGjRA-P0opM

Thanks
Ye


REFERENCES
https://support.microsoft.com/en-us/help/2389418/secure-loading-of-libraries-to-prevent-dll-preloading-attacks
https://cwe.mitre.org/data/definitions/427.html
http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx


Offline Fysack

  • Tireless poster
  • ****
    • Posts: 644
  • present picture
    • View Profile
    • Admin

Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13308
    • View Profile
i had missed this report, actually.
I'm not personally calling that DLL, and i'm not sure why it is called.
The results on google are quite confusing.
Would anyone have information, please share.



Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 901
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
rejjeto, i private messaged you about this....

what i have seen and what was shown was indeed dll hacking, but is not a probelm or a bug with your program, but a os system issues with a bad visual update. it was his pc casuing the issue..

this is not a bug that i have found.
Files i try to keep and share can be found on my google drive:

https://drive.google.com/drive/folders/1FOWi3Gqaldld6JLXvZ-biDv4RSguf0IC


Offline Fysack

  • Tireless poster
  • ****
    • Posts: 644
  • present picture
    • View Profile
    • Admin