Bosch IP Helper 1.00.0008 - Local Code Execution via DLL hijacking

2020.01.09

Nir Yehoshua (IL)

Risk: High

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

Title: Bosch IP Helper 1.00.0008 - Local Code Execution via DLL hijacking
Date: 2020-1-9
Author: Nir Yehoshua
Vendor: https://www.bosch.com/
Product: https://downloadstore.boschsecurity.com/FILES/IPHelper_1.00.0008.exe
Tested on: Microsoft Windows 10 x64 [eng]


Description:

A local DLL hijacking vulnerability has been discovered in Bosch IP Helper 1.00.0008.
The issue allows local attackers to load their DLL into IPHelper_1.00.0008.exe and execute the DLL.

Vulnerable Library:
msimg32.dll (x86)

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Bosch IP Helper 1.00.0008 - Local Code Execution via DLL hijacking

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.