Author Topic: Unsafe DLL loading vulnerable in version 2.3k  (Read 561 times)

0 Members and 1 Guest are viewing this topic.

Offline yeyint

  • Occasional poster
  • *
  • Posts: 1
    • View Profile
Unsafe DLL loading vulnerable in version 2.3k
« on: July 29, 2017, 02:30:13 PM »
The HSF Server application passes an insufficiently qualified path in loading an external library when a user launch the application.

Affected Library List
---------------------
# dwmapi.dll
# WindowsCodecs.dll
# apphelp.dll
# RICHED32.dll
# wsock32.dll
# DNSAPI.dll
# IPHLPAPI.dll
# rasadh1p.dll

Please find the following for demo. I rename the malicious dll file (which is execute calculator) as apphelp.dll in this demo.

https://www.youtube.com/watch?v=VGjRA-P0opM

Thanks
Ye


REFERENCES
https://support.microsoft.com/en-us/help/2389418/secure-loading-of-libraries-to-prevent-dll-preloading-attacks
https://cwe.mitre.org/data/definitions/427.html
http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

Offline Fysack

  • Insane poster
  • *****
  • Posts: 587
  • Country: 00
  • present picture
    • View Profile
    • Admin
Re: Unsafe DLL loading vulnerable in version 2.3k
« Reply #1 on: September 30, 2017, 05:00:49 PM »
it make no sense dude
GOD CAN READ YOUR MIND

Offline rejetto

  • Administrator
  • Insane programmer
  • *
  • Posts: 12832
  • Country: it
    • View Profile
Re: Unsafe DLL loading vulnerable in version 2.3k
« Reply #2 on: November 21, 2017, 10:54:49 AM »
i had missed this report, actually.
I'm not personally calling that DLL, and i'm not sure why it is called.
The results on google are quite confusing.
Would anyone have information, please share.


Offline bmartino1

  • Insane poster
  • *****
  • Posts: 716
  • Country: us
  • I'm only trying to help i mean no offense.
    • View Profile
    • none - google translate
Re: Unsafe DLL loading vulnerable in version 2.3k
« Reply #3 on: November 23, 2017, 11:23:44 AM »
rejjeto, i private messaged you about this....

what i have seen and what was shown was indeed dll hacking, but is not a probelm or a bug with your program, but a os system issues with a bad visual update. it was his pc casuing the issue..

this is not a bug that i have found.
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline Fysack

  • Insane poster
  • *****
  • Posts: 587
  • Country: 00
  • present picture
    • View Profile
    • Admin
Re: Unsafe DLL loading vulnerable in version 2.3k
« Reply #4 on: December 08, 2017, 06:19:53 PM »
 ;D ;D ;D LOVE
GOD CAN READ YOUR MIND