Full Disclosure mailing list archives
CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0
From: Rafael Pedrero <rafael.pedrero () gmail com>
Date: Tue, 18 Dec 2018 19:07:32 +0100
<!--
# Exploit Title: DLL Hijacking in Exiftool v8.3.2.0
# Date: 18-12-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://owl.phy.queensu.ca/~phil/exiftool/
# Software Link: http://owl.phy.queensu.ca/~phil/exiftool/
# Version: v8.3.2.0
# Tested on: all
# CVE : CVE-2018-20211
# Category: webapps

1. Description

ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).

2. Proof of Concept

echo %TEMP%
c:\windows\temp
copy malicious.dll %TEMP%\par-%username%\cache-exiftool-8.32\ws32_32.dll

Execute application \\server\share\exiftool\exiftool.exe or directly the application.

3. Solution:

This application is deprecated. Use the last, v11.22.
-->

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
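A defender-side check for the condition described in the advisory, as an added example that is not part of the original post or of ExifTool: it reports the `par-<username>` folder, its `cache-*` subfolders and any DLLs in them whose NTFS owner is not the account expected to run the packed executable. The function name `Test-ParCacheOwnership` and its parameters are hypothetical, and treating an owner mismatch as a sign of pre-creation by another account is an assumption of this example.

```powershell
# Added example (not from the advisory): audit a PAR cache tree for items
# owned by an account other than the one that will run the packed executable.
function Test-ParCacheOwnership {   # hypothetical helper name
    param(
        [string]$TempRoot = $env:TEMP,
        [string]$UserName = $env:USERNAME,
        # Elevated sessions may create objects owned by BUILTIN\Administrators;
        # pass that value here if it is what you expect to see.
        [string]$ExpectedOwner = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    )

    # Folder layout taken from the advisory: %TEMP%\par-%username%\cache-...
    $parDir = Join-Path $TempRoot "par-$UserName"
    if (-not (Test-Path -LiteralPath $parDir -PathType Container)) {
        return   # no cache yet; the folder could still be pre-created later
    }

    # Collect the par-<user> folder, each cache-* folder, and every DLL inside them.
    $items  = @(Get-Item -LiteralPath $parDir)
    $caches = @(Get-ChildItem -LiteralPath $parDir -Directory -Filter 'cache-*')
    $items += $caches
    foreach ($cache in $caches) {
        $items += @(Get-ChildItem -LiteralPath $cache.FullName -File -Filter '*.dll')
    }

    # Emit one object per item whose owner differs from the expected account.
    foreach ($item in $items) {
        $owner = (Get-Acl -LiteralPath $item.FullName).Owner
        if ($owner -ne $ExpectedOwner) {
            [pscustomobject]@{
                Path     = $item.FullName
                Owner    = $owner
                Expected = $ExpectedOwner
            }
        }
    }
}

# Example run against the shared temp path shown in the proof of concept:
# Test-ParCacheOwnership -TempRoot 'C:\Windows\Temp'
```

An empty result means every audited item is owned by the expected account; it does not cover a folder that is created after the check runs.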