CVE-2018-6318

The CVE-2018-6318 entry applies to Sophos Tester Tool 3.2.0.7 Beta. The vulnerability is a DLL hijacking flaw where the driver loads a DLL from userland (NTDLL.DLL) without validating the DLL’s signature or hash. An attacker could replace the DLL with a malicious one (locally or via remote access...

Windows Defender Advanced Threat Protection で反射型の DLL 読み込みを検出

本記事は、Windows Security のブログ “Detecting reflective DLL loading with Windows Defender ATP” 2017 年 11 月 13 日 米国時間公開...

Detecting reflective DLL loading with Windows Defender ATP

Today's attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In...

Detecting reflective DLL loading with Windows Defender ATP

Today's attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In...

Installer of "Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries

Overview Installer of "Flets Easy Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

CVE-2017-11769

The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka "TRIE Remote Code Execution Vulnerability"...

JVN#94056834: Installer of HIBUN Confidential File Viewer may insecurely load Dynamic Link Libraries and invoke executable files

Installer of HIBUN Confidential File Viewer provided by Hitachi Solutions, Ltd. contains an issue with the search path for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Impact Arbitrary code may be executed with the...

TRIE Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete...

Microsoft Windows DLL Loading CVE-2017-11769 Multiple Local Privilege Escalation Vulnerabilities

Description Microsoft Windows is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...

Cisco FindIT Network Discovery Utility Code Execution Vulnerability

Cisco FindIT Network Discovery Utility is a network device manager from Cisco USA. The product provides management functions for Cisco network devices. A security vulnerability exists in the Cisco FindIT Network Discovery Utility. A local attacker can exploit this vulnerability by placing an...

Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries

Overview Installer of "Remote Support Tool Enkaku Support Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili...

JVN#26115441: Installer of ”Remote Support Tool (Enkaku Support Tool)” may insecurely load Dynamic Link Libraries

Installer of ”Remote Support Tool Enkaku Support Tool” provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary...

JVN#71104430: Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Installer of Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege...

JVN#81659403: Installer of Qua station connection tool for Windows may insecurely load Dynamic Link Libraries

Qua station provided KDDI CORPORATION is a 4G LTE photostrage. Qua station connection tool is used to view data saved on Qua station from a PC and/or save data on a PC. Installer of Qua station connection tool for Windows contains an issue with the DLL search path, which may lead to insecurely...

CVE-2017-12480

The CVE-2017-12480 entry concerns Sandboxie installer version 5071703 with a DLL hijacking/unsafe DLL loading vulnerability. An attacker could place a malicious dwmapi.dll or profapi.dll in an AppData\Local\Temp directory, leading to code execution when the installer loads the DLL. The issue is d...

Schneider Electric Pro-face GP-Pro EX Arbitrary Code Execution Vulnerability

Pro-face GP-Pro EX is the development software for Pro-face GP4000, GP4100, GP4000M, LT4000M, LT3000, EZ Series, SP5000 Smart Portal series products. An arbitrary code execution vulnerability exists in the implementation of Schneider Electric GP Pro EX version 4.07.000, which can be exploited by ...

Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries

Overview Installer of Yahoo! Toolbar for Internet explorer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

JVN#02852421: Installer of Yahoo! Toolbar (for Internet explorer) may insecurely load Dynamic Link Libraries

Installer of Yahoo! Toolbar for Internet explorer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the Latest Installer Use the...

Schneider Electric Pro-Face WinGP Arbitrary Code Execution Vulnerability

Pro-Face GP Pro-Server EX is the HMI development software of choice for supporting dedicated and open HMI PC-based solutions. An arbitrary code execution vulnerability exists in Schneider Electric Pro-Face WinGP, which can be exploited by an attacker to force the process to load an arbitrary DLL...

The vulnerability in the loading of DLL files of the Cisco AnyConnect Secure Mobility Client software allows a perpetrator to install or execute a file with privileges equivalent to those of a Microsoft Windows system administrator account.

The vulnerability related to the loading of DLL files in the Cisco AnyConnect Secure Mobility Client encryption solution stems from deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally, to install or execute a DLL file with privileges equivalen...