Full Disclosure mailing list archives
skype installer dll hijacking vulnerability - CVE-2016-5720
From: Tien Phan <heart2heart.it () gmail com>
Date: Tue, 27 Sep 2016 23:11:41 +0800
Hi, There are a dll planting vuln in skype installer. This vuln had been reported to Microsoft but they decided not fix this. Here is the vulnerability details: ------ Skype installer in Windows is open to DLL hijacking. Skype looks for a specific DLL by dynamically going through a set of predefined directories. One of the directory being scanned is the installation directory, and this is exactly what is abused in this vulnerability. Reproduce Notes: 1. Download this dll https://mega.nz/#!b4ViSLJL!Pv99pN2d_WxsUHGPH0Ej3onwVeSdh41mpyKfQJfAq8E 2. Copy msi.dll to Downloads directory 3. download skype installer 4. execute the downloaded installer from your "Downloads" directory; Observed behavior: message box “hyhy” Another dll can be used to hijack: dpapi.dll cryptui.dll ------ Regards, Tien -- Tien Phan Blog : http://tienpp.blogspot.com twitter : @_razybo_ <http://twitter.com/_razybo_> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- skype installer dll hijacking vulnerability - CVE-2016-5720 Tien Phan (Sep 27)