AppSamvid DLL Hijacking

2017.03.17

Credit: Sachin Wagh

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

Vulnerability Title: AppSamvid Local Code Execution Vulnerability (ntmarta.dll)
Affected Product: AppSamvid
Product Homepage: https://cdac.in/index.aspx?id=cs_eps_usb_pra
CVE-ID : NA
Severity: Medium
Author: Sachin Wagh (@tiger_tigerboy)

*Description:*

AppSamvid contains a DLL hijacking vulnerability that could allow an
unauthenticated attacker to execute arbitrary code on the targeted system.
This vulnerability exists due to some DLL file is loaded by
aAppSamvid.2.0.1.Win7_64.exea improperly. And it allows an attacker to load
(ntmarta.dll)  DLL file of the attackeras choosing that could execute
arbitrary code without the user's knowledge.

*Affected Product:*

AppSamvid 2.0.1

*Impact:*

Attacker can exploit the vulnerability to load a DLL file of the attacker's
choosing that could execute arbitrary code. This may help attacker to
Successful exploits the system if user creates shell as a DLL.

*Proof-Of-Concept :*

1. Create malicious dll file and save it as 'ntmarta.dll' in your
"Downloads" directory.

2. Download AppSamvid (https://cdac.in/index.aspx?id=cs_eps_usb_pra) and save it in your "Downloads" directory.

3. Execute AppSamvid from your "Downloads" directory.

4. Malicious dll file gets executed.

*Credit:*

*Sachin Wagh (tiger_tigerboy)*

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

AppSamvid DLL Hijacking

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.