Xshell5 5.0 Build 1124 DLL Hijacking

`[+] Title: Xshell5 - "api-ms-win-appmodel-runtime-l1-1-0" DLL Loading Arbitrary Code Execution.  
[+] Credits / Discovery: Nassim Asrir  
[+] Author Email: [email protected]  
[+] Author Company: Henceforth  
  
Vendor:  
===============  
https://www.netsarang.com/  
  
Product Version:  
===============  
  
5.0 Build 1124  
  
Download:  
===========  
  
https://www.netsarang.com/xshell_download.html  
  
About Product:  
===============  
  
Xshell is a powerful terminal emulator that supports SSH, SFTP, TELNET, RLOGIN and SERIAL. It delivers industry leading performance and feature sets that are not available in its free alternatives. Features that enterprise users will find useful include a tabbed environment, dynamic port forwarding, custom key mapping, user defined buttons, VB scripting, and UNICODE terminal for displaying 2 byte characters and international language support.  
  
Vulnerability Type:  
======================================  
  
DLL Loading Arbitrary Code Execution.  
  
  
  
CVE Reference:  
===============  
N/A  
  
  
Tested on:  
===============   
  
Windows 7 - Winxp  
  
  
Exploit/POC:  
============  
The Setup Launcher for Xshell5 is vulnerable to DLL Arbitrary Code Execution.  
  
1) Download the DLL from: https://mega.nz/#!OYQwxJSJ!Uwaq5N1_1hWlFtPQDgCgKRF2A9kiJvF3g6FmbZ1vM7s.  
  
2) Then copy the DLL to the Xshell5 setup directory.  
  
3) Launch the Setup Launcher then the command "calc" execute, and DONE.  
  
Network Access:  
===============  
  
Remote - Local  
  
  
  
Impact:  
=================  
  
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.  
`