0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Audacity 2.1.2 DLL Hijacking Vulnerability
[Unsafe DLL search path in Audacity 2.1.2
Tempest Security Intelligence - Recife, Pernambuco - Brazil
=====[ Table of Contents ]======================================================
1. Overview
2. Detailed description
3. Further attack scenarios
4. Timeline of disclosure
5. Thanks & Acknowledgements
6. References
=====[ 1. Overview ]============================================================
* System affected : Audacity [1].
* Software Version : 2.1.2 (other versions may also be affected).
* Impact : A user may be infected by opening an audio file in
Audacity, from an untrusted location i.e. usb flash drive,
network file share.
=====[ 2. Detailed description ]================================================
Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load
avformat-55.dll without supplying the absolute path, thus relying upon the
presence of such DLL on the system directory. This behavior results in an
exploitable DLL Hijack vulnerability, even if the SafeDllSerchMode flag is
enabled.
The vulnerability report can be found at the following URL:
http://forum.audacityteam.org/viewtopic.php?f=46&t=92698
Audacity neglected the risk associated with the vulnerability [2].
=====[ 3. Further attack scenarios ]============================================
The attacker can place a malicious dll named avformat-55.dll in the same folder
of an Audacity project file. Upon opening the project file Audacity will load
and execute the malicious code within its proccess context. The attack may be
carried out remotely by inducing the victim to open the project file from an
external storage device or a network file share.
=====[ 4. Timeline of disclosure ]==============================================
08/15/2016 - Reported vulnerability.
08/15/2016 - Audacity neglected the risk.
12/11/2016 - Advisory publication date.
=====[ 5. Thanks & Acknowledgements ]===========================================
- Breno Cunha < brenodario () gmail.com >
- Felipe Azevedo < felipe3gomes () gmail.com >
- Tempest Security Intelligence / Tempest's Pentest Team [3]
=====[ 6. References ]==========================================================
[1] http://www.audacityteam.org
[2] http://forum.audacityteam.org/viewtopic.php?f=46&t=92698
[3] http://www.tempest.com.br
# 0day.today [2024-12-26] #