NO-IP DUC 4.1.1 DLL Hijacking

2016-10-20T00:00:00
ID PACKETSTORM:139256
Type packetstorm
Reporter Ehsan Hosseini
Modified 2016-10-20T00:00:00

Description

                                        
`=====================================================  
# NO-IP DUC v4.1.1 - DLL Hijacking  
=====================================================  
# Vendor Homepage: http://noip.com  
# Date: 20 Oct 2016  
# Software Link : http://www.noip.com/client/DUCSetup_v4_1_1.exe  
# Version : 4.1.1  
# Author: Ashiyane Digital Security Team  
# Contact: hehsan979@gmail.com  
=====================================================  
# Description :  
DUC40.exe can be exploited to execute arbitrary code on a victim's system via  
DLL hijacking.  
  
  
# Vulnerable Libraries:  
bcryptPrimitives.dll  
CRYPTSP.dll  
CRYPTBASE.dll  
  
  
# PoC:  
1. Create a malicious 'bcryptPrimitives.dll' or 'CRYPTSP.dll' or  
'CRYPTBASE.dll' file and save it in "C:\Program Files\No-IP"  
directory.  
2. Execute DUC40.exe from "C:\Program Files\No-IP" directory.  
3. The malicious DLL file gets executed.  
=====================================================  
# Discovered By : Ehsan Hosseini  
=====================================================  
`
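
A defender-side check for the condition the PoC relies on, as an added example that is not part of the original advisory: it reports copies of the three named DLLs found in the install directory and ACL entries that let non-administrative groups create files there. The function name, the SID list and the write mask are assumptions; the directory and DLL names are the ones the advisory gives.

```powershell
# Added example, not from the advisory. Helper name, SID list and write mask
# are assumptions; the directory and DLL names are the ones the advisory gives.
function Test-DllPlantingExposure {
    param(
        [string]$AppDir = 'C:\Program Files\No-IP',
        [string[]]$DllNames = @('bcryptPrimitives.dll', 'CRYPTSP.dll', 'CRYPTBASE.dll')
    )
    if (-not (Test-Path -LiteralPath $AppDir -PathType Container)) { return }
    $findings = @()

    # 1. These libraries ship with Windows in System32. A copy in the
    #    application directory is what the PoC plants, so report any found.
    foreach ($name in $DllNames) {
        $path = Join-Path $AppDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{
                Check  = 'SystemDllInAppDir'
                Target = $path
                Detail = "Signature=$($sig.Status) SHA256=$hash"
            }
        }
    }

    # 2. Report allow-ACEs that let broad non-admin groups create files here.
    #    Mask: CreateFiles/WriteData (0x2), GENERIC_WRITE, GENERIC_ALL.
    $writeMask = 0x2 -bor 0x40000000 -bor 0x10000000
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    $acl   = Get-Acl -LiteralPath $AppDir
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
            $findings += [pscustomobject]@{
                Check  = 'WritableByNonAdmin'
                Target = $AppDir
                Detail = "$($broadSids[$sid]) has $($ace.FileSystemRights)"
            }
        }
    }
    $findings
}

Test-DllPlantingExposure | Format-Table -AutoSize -Wrap
```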