AppSamvid DLL Hijacking

Published
Credit
Risk
2017.03.17
Sachin Wagh
Medium
CWE
CVE
Local
Remote
N/A
N/A
Yes
No

Vulnerability Title: AppSamvid Local Code Execution Vulnerability (ntmarta.dll)
Affected Product: AppSamvid
Product Homepage: https://cdac.in/index.aspx?id=cs_eps_usb_pra
CVE-ID : NA
Severity: Medium
Author: Sachin Wagh (@tiger_tigerboy)

*Description:*

AppSamvid contains a DLL hijacking vulnerability that could allow an
unauthenticated attacker to execute arbitrary code on the targeted system.
This vulnerability exists due to some DLL file is loaded by
aAppSamvid.2.0.1.Win7_64.exea improperly. And it allows an attacker to load
(ntmarta.dll) DLL file of the attackeras choosing that could execute
arbitrary code without the user's knowledge.

*Affected Product:*

AppSamvid 2.0.1

*Impact:*

Attacker can exploit the vulnerability to load a DLL file of the attacker's
choosing that could execute arbitrary code. This may help attacker to
Successful exploits the system if user creates shell as a DLL.

*Proof-Of-Concept :*

1. Create malicious dll file and save it as 'ntmarta.dll' in your
"Downloads" directory.

2. Download AppSamvid (https://cdac.in/index.aspx?id=cs_eps_usb_pra) and save it in your "Downloads" directory.

3. Execute AppSamvid from your "Downloads" directory.

4. Malicious dll file gets executed.

*Credit:*

*Sachin Wagh (tiger_tigerboy)*


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com