Dropbox: Subtile Code Injection Vulnerability in Dropbox for Windows

2016-08-25T07:59:09
ID H1:163292
Type hackerone
Reporter fbogner
Modified 2016-12-03T19:16:13

Description

A mistake in our compilation meant that one of our Qt libraries was unintentionally loading a openssl.cnf from another user on Windows. The config file allowed the other user to specify a DLL to load, which meant that a user with this specific username could escalate privileges and execute code as another user running Dropbox. @fbogner was extremely helpful and also gave us scripts to detect it.