[*]=============[*]
[+] Exploit Title: ClownfishVoiceChanger DLL Hijacking
[+] Software Link: https://clownfish-translator.com/voicechanger/getit/download64.php?v=69
[+] Exploit author: alone421
[+] Vendor Homepage: https://clownfish-translator.com/
[+] Version: 0.69
[+] Tested on windows
[*]=============[*]
Product:
Clownfish Voice Changer is an application for changing your voice.
It's installed on system level so every application that uses microphone or other audio capture device will be affected.
In general - your voice will be modified in Steam, Skype, Hangouts, ooVoo, Viber, Ekiga, Jitsi, Ventrilo, TeamSpeak, Mumble, Discord, etc.
Vulnerability Description:
Clownfish voice changer is vulnerable to Insecure DLL Hijacking vulnerability.
DLL Hijacking is an attack that exploits the way some Windows applications search and load Dynamic Link Libraries.
Vulnerable DLL:
- ClownfshAPO64.dll
Make Malicious dll.
Exploit:
Place a dummy ClownfshAPO64.dll file with the malicious dll . When the file is opened you will get shell.
[*]=============[*]
[+] Discovered by: alone421
[+] alone421@yahoo.com
[*]=============[*]