Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Dropbox 6.4.14 DLL Hijacking

🗓️ 26 Jul 2016 00:00:00Reported by Himanshu MehtaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 44 Views

Dropbox 6.4.14 DLL hijacking vulnerability allows remote code executio

Code
`Aloha,  
  
Summary  
Dropbox Installer for Windows contains a DLL hijacking vulnerability that  
could allow an unauthenticated, remote attacker to execute arbitrary code  
on the targeted system. The vulnerability exists due to some DLL file is  
loaded by 'DropboxInstaller.exe' improperly. And it allows an attacker to  
load this DLL file of the attackeras choosing that could execute arbitrary  
code without the user's knowledge.  
  
Affected Product: Dropbox 6.4.14 and prior versions  
  
Tested on: Windows 7  
  
Impact  
Attacker can exploit this vulnerability to load a DLL file of the  
attacker's choosing that could execute arbitrary code. This may help  
attacker to Successful exploit the system if user creates shell as a DLL.  
  
Vulnerability Scoring Details  
The vulnerability classification has been performed by using the CVSSv2  
scoring system (http://www.first.org/cvss/  
<https://hackerone.com/redirect?signature=273a575a933df15fb4c18a77b13c0f4949de2011&url=http%3A%2F%2Fwww.first.org%2Fcvss%2F>  
).  
Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)  
  
More Details:  
For software downloaded with a web browser the application directory is  
typically the user's "Downloads" directory: see  
https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html  
<https://hackerone.com/redirect?signature=21fd84ec7a888f372e2663aeb1ea24c253da2958&url=https%3A%2F%2Finsights.sei.cmu.edu%2Fcert%2F2008%2F09%2Fcarpet-bombing-and-directory-poisoning.html>  
,  
http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html  
<https://hackerone.com/redirect?signature=8e7de715fadc691b5fbc9d46f8bc6b0def63a540&url=http%3A%2F%2Fblog.acrossecurity.com%2F2012%2F02%2Fdownloads-folder-binary-planting.html>  
and http://seclists.org/fulldisclosure/2012/Aug/134  
<https://hackerone.com/redirect?signature=a86c271e4c4a984723abef934bc5f94125458dc6&url=http%3A%2F%2Fseclists.org%2Ffulldisclosure%2F2012%2FAug%2F134>  
for  
"prior art" about this well-known and well-documented vulnerability.  
  
If an attacker places malicious DLL in the user's "Downloads" directory  
(for example per "drive-by download" or "social engineering") this  
vulnerability becomes a remote code execution.  
  
Proof of concept/demonstration:  
1. Create a malicious PGPmapih.dll file and save it in your "Downloads"  
directory.  
  
2. Download 'DropboxInstaller.exe' from https://www.dropbox.com/downloading  
and save it in your "Downloads" directory.  
  
3. Execute .exe from your "Downloads" directory.  
  
4. Malicious dll file gets executed.  
  
Informed Vendor: Yes  
Fixed Version: TBA  
  
Please assign a CVE ID.  
  
Chao!!  
Himanshu Mehta  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Jul 2016 00:00Current
0.1Low risk
Vulners AI Score0.1
dropboxdll hijackingremote code executionvulnerabilitywindows 7
44