| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 09 Dec 2017 14:36:27 -0500 From: Maelstrom Security via Fulldisclosure <fulldisclosure@...lists.org> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] Sony PS4 Remote Play - DLL Hijack vulnerability Application: PS4 Remote Play Application Version: 2.5.0.9220 Platform: Windows Vendor: Sony Notified at: secure@...y.com (3 months ago),no reply, and still no fix... PS4 Remote Play application is vulnerable to DLL Hijacking Vulnerability. If executable is installed in unprotected directories (where any user can have access)or in portable form (which is often installed outside of program files or %windir%) it is possible to hijack DLL by placing malformed dll in application directory and run malicious actions (arbitrary code execute with the privilige level of executing user) when application loads the dll. Affected Library List --------------------- VERSION.dll CRYPTSP.dll DWrite.dll iphlpapi.dll rasapi32.dll rtutils.dll winhttp.dll secur32.dll WindowsCodecs.dll RichEd20.DLL d3d9.dll igdumd32.dll WtsApi32.dll WINSTA.dll USERENV.dll WindowsCodecsExt.dll urlmon.dll AUDIOSES.DLL More info & Remediation: https://blogs.technet.microsoft.com/srd/2010/08/23/more-information-about-the-dll-preloading-remote-attack-vector/ Thank You, Maelstrom Security _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists