Bosch IP Helper 1.00.0008 - Local Code Execution via DLL hijacking

Title: Bosch IP Helper 1.00.0008 - Local Code Execution via DLL hijacking
Date: 2020-1-9
Author: Nir Yehoshua
Vendor: https://www.bosch.com/
Product: https://downloadstore.boschsecurity.com/FILES/IPHelper_1.00.0008.exe
Tested on: Microsoft Windows 10 x64 [eng]


Description:

A local DLL hijacking vulnerability has been discovered in Bosch IP Helper 1.00.0008.
The issue allows local attackers to load their DLL into IPHelper_1.00.0008.exe and execute the DLL.

Vulnerable Library:
msimg32.dll (x86)