[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] skype installer dll hijacking vulnerability - CVE-2016-5720
From: Tien Phan <heart2heart.it () gmail ! com>
Date: 2016-09-27 15:11:41
Message-ID: CACgyTBQEsRzoYkC_JNjWPAPa=e_9za6H57cWVDORRfjSMw+RDg () mail ! gmail ! com
[Download RAW message or body]
Hi,
There are a dll planting vuln in skype installer. This vuln had been
reported to Microsoft but they decided not fix this.
Here is the vulnerability details:
------
Skype installer in Windows is open to DLL hijacking.
Skype looks for a specific DLL by dynamically going through a set of
predefined directories. One of the directory being scanned is the
installation directory, and this is exactly what is abused in this
vulnerability.
Reproduce Notes:
1. Download this dll
https://mega.nz/#!b4ViSLJL!Pv99pN2d_WxsUHGPH0Ej3onwVeSdh41mpyKfQJfAq8E
2. Copy msi.dll to Downloads directory
3. download skype installer
4. execute the downloaded installer from your "Downloads" directory;
Observed behavior: message box "hyhy"
Another dll can be used to hijack: dpapi.dll cryptui.dll
------
Regards,
Tien
--
Tien Phan
Blog : http://tienpp.blogspot.com
twitter : @_razybo_ <http://twitter.com/_razybo_>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic