lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 09 Dec 2017 14:36:27 -0500
From: Maelstrom Security via Fulldisclosure <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] Sony PS4 Remote Play - DLL Hijack vulnerability

Application: PS4 Remote Play
Application Version: 2.5.0.9220
Platform: Windows
Vendor: Sony
Notified at: secure@...y.com (3 months ago),no reply, and still no fix...

PS4 Remote Play application is vulnerable to DLL Hijacking Vulnerability. If executable is installed in unprotected directories (where any user can have access)or in portable form (which is often installed outside of program files or %windir%) it is possible to hijack DLL by placing malformed dll in application directory and run malicious actions (arbitrary code execute with the privilige level of executing user) when application loads the dll.

Affected Library List
---------------------
VERSION.dll
CRYPTSP.dll
DWrite.dll
iphlpapi.dll
rasapi32.dll
rtutils.dll
winhttp.dll
secur32.dll
WindowsCodecs.dll
RichEd20.DLL
d3d9.dll
igdumd32.dll
WtsApi32.dll
WINSTA.dll
USERENV.dll
WindowsCodecsExt.dll
urlmon.dll
AUDIOSES.DLL

More info & Remediation:
https://blogs.technet.microsoft.com/srd/2010/08/23/more-information-about-the-dll-preloading-remote-attack-vector/

Thank You,
Maelstrom Security

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists