F-Secure Key 4.9.241.0 – Local Code Execution via DLL hijacking

2019.12.29

Nir Yehoshua (IL)

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

Title: F-Secure Key 4.9.241.0 – Local Code Execution via DLL hijacking
Date: 2019-12-29
Author: Nir Yehoshua
Vendor: https://www.f-secure.com/en
Product: F-Secure Key 4.9.241.0
Tested on: Microsoft Windows 10 x64 [eng]


Description:

A local DLL hijacking vulnerability has been discovered in F-Secure Key 4.9.241.0.
The issue allows local attackers to load their DLL into fskey.exe and execute the DLL.

Vulnerable Library:
wkscli.dll (x86)

Location:
C:\Program Files (x86)\F-Secure\F-Secure KEY\

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

F-Secure Key 4.9.241.0 – Local Code Execution via DLL hijacking

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.