Acunetix 10.0 DLL Hijacking

2016.11.23
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

Title: Acunetix 10 Multi DLL Hijacking
Application: Acunetix
Versions Affected: 10.0
Vendor URL: http://www.acunetix.com
Discovered by: Ashiyane Digital Security Team
Tested on: Windows 10
Bugs: DLL Hijacking
Date: 22-Nov-2016

Description:
A local DLL injection vulnerability has been discovered in the official Acunetix software. The issue allows local attackers to inject code into vulnerable libraries to compromise the process or to gain higher access privileges.

Affected Area(s):
ssleay32.dll
libeay32.dll
pcre.dll
sqlite3.dll
SciLexer.dll

Proof of Concept:
For security demonstration or to reproduce the vulnerability, follow the provided information and steps below.

Manual steps to reproduce the local vulnerability ...
1. Compile a DLL and rename it to 'libeay32.dll' or one of the other affected libraries
2. Copy libeay32.dll [or another affected library] to C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 10
3. Launch wvs.exe
4. MessageBox executed..!
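A defender-side check for the condition described above, added here and not part of the original advisory: it reports the Authenticode status and SHA-256 of each listed library and lists non-administrative principals that can create files in the install directory. The default path and DLL names come from the advisory; the trusted-SID list is an assumption to adjust for your environment.

```powershell
# Added audit example (not from the advisory). Path and DLL names are the
# ones the advisory lists; the trusted-SID list below is an assumption.
param(
    [string]$InstallDir = 'C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 10'
)
$dllNames = 'ssleay32.dll', 'libeay32.dll', 'pcre.dll', 'sqlite3.dll', 'SciLexer.dll'

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    Write-Warning "Install directory not found: $InstallDir"
    return
}

# 1. Signature state, hash and timestamp of each library named in the advisory.
$dllReport = foreach ($name in $dllNames) {
    $path = Join-Path -Path $InstallDir -ChildPath $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{ File = $name; Status = 'Missing'; Signer = $null; SHA256 = $null; LastWriteUtc = $null }
        continue
    }
    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]@{
        File         = $name
        Status       = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer       = $signer
        SHA256       = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        LastWriteUtc = (Get-Item -LiteralPath $path).LastWriteTimeUtc
    }
}

# 2. ACEs that let a non-administrative principal add files to the directory.
$trustedSids = @(
    'S-1-5-18'        # LocalSystem
    'S-1-5-32-544'    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$writeMask   = 0x50000002   # CreateFiles/WriteData | GENERIC_ALL | GENERIC_WRITE
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]
$writable = (Get-Acl -LiteralPath $InstallDir).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.PropagationFlags -band $inheritOnly) -eq 0) -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
        ($trustedSids -notcontains $_.IdentityReference.Value)
    } | Select-Object @{n='Sid';e={$_.IdentityReference.Value}}, FileSystemRights, IsInherited

$dllReport | Format-Table -AutoSize
if ($writable) { Write-Warning 'Non-admin principals can create files here:'; $writable | Format-Table -AutoSize }
else { Write-Output 'No non-administrative write access found on the install directory.' }
```

Compare the reported hashes against a known-good copy of the same files taken from the vendor installer.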


Copyright 2024, cxsecurity.com

 
