lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CACgyTBQEsRzoYkC_JNjWPAPa=e_9za6H57cWVDORRfjSMw+RDg@mail.gmail.com>
Date: Tue, 27 Sep 2016 23:11:41 +0800
From: Tien Phan <heart2heart.it@...il.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] skype installer dll hijacking vulnerability - CVE-2016-5720

Hi,

There are a dll planting vuln in skype installer. This vuln had been
reported to Microsoft but they decided not fix this.

Here is the vulnerability details:
------
Skype installer in Windows is open to DLL hijacking.

Skype looks for a specific DLL by dynamically going through a set of
predefined directories. One of the directory being scanned is the
installation directory, and this is exactly what is abused in this
vulnerability.

Reproduce Notes:
1. Download this dll
https://mega.nz/#!b4ViSLJL!Pv99pN2d_WxsUHGPH0Ej3onwVeSdh41mpyKfQJfAq8E
2. Copy msi.dll to Downloads directory
3. download skype installer
4. execute the downloaded installer from your "Downloads" directory;
Observed behavior: message box “hyhy”

Another dll can be used to hijack: dpapi.dll cryptui.dll
------

Regards,
Tien



-- 
Tien Phan
Blog : http://tienpp.blogspot.com
twitter : @_razybo_ <http://twitter.com/_razybo_>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ