lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Sep 2016 23:11:41 +0800 From: Tien Phan <heart2heart.it@...il.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] skype installer dll hijacking vulnerability - CVE-2016-5720 Hi, There are a dll planting vuln in skype installer. This vuln had been reported to Microsoft but they decided not fix this. Here is the vulnerability details: ------ Skype installer in Windows is open to DLL hijacking. Skype looks for a specific DLL by dynamically going through a set of predefined directories. One of the directory being scanned is the installation directory, and this is exactly what is abused in this vulnerability. Reproduce Notes: 1. Download this dll https://mega.nz/#!b4ViSLJL!Pv99pN2d_WxsUHGPH0Ej3onwVeSdh41mpyKfQJfAq8E 2. Copy msi.dll to Downloads directory 3. download skype installer 4. execute the downloaded installer from your "Downloads" directory; Observed behavior: message box “hyhy” Another dll can be used to hijack: dpapi.dll cryptui.dll ------ Regards, Tien -- Tien Phan Blog : http://tienpp.blogspot.com twitter : @_razybo_ <http://twitter.com/_razybo_> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists