Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Audacity 2.1.2 DLL Hijacking Vulnerability

🗓️ 04 Jan 2017 00:00:00Reported by Breno CunhaType 
zdt
 zdt🔗 0day.today👁 46 Views

Audacity 2.1.2 DLL Hijacking Vulnerability, Unsafe DLL search path, potential remote code executio

Code
Unsafe DLL search path in Audacity 2.1.2
    
  Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents ]======================================================
  
1. Overview  
2. Detailed description  
3. Further attack scenarios     
4. Timeline of disclosure    
5. Thanks & Acknowledgements  
6. References

=====[ 1. Overview ]============================================================
 
* System affected  : Audacity [1].
* Software Version : 2.1.2 (other versions may also be affected).
* Impact           : A user may be infected by opening an audio file in 
                     Audacity, from an untrusted location i.e. usb flash drive, 
                     network file share.

=====[ 2. Detailed description ]================================================

Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load 
avformat-55.dll without supplying the absolute path, thus relying upon the 
presence of such DLL on the system directory. This behavior results in an 
exploitable DLL Hijack vulnerability, even if the SafeDllSerchMode flag is 
enabled.

The vulnerability report can be found at the following URL:

http://forum.audacityteam.org/viewtopic.php?f=46&t=92698

Audacity neglected the risk associated with the vulnerability [2].

=====[ 3. Further attack scenarios ]============================================

The attacker can place a malicious dll named avformat-55.dll in the same folder 
of an Audacity project file. Upon opening the project file Audacity will load
and execute the malicious code within its proccess context. The attack may be 
carried out remotely by inducing the victim to open the project file from an 
external storage device or a network file share.

=====[ 4. Timeline of disclosure ]==============================================

08/15/2016 - Reported vulnerability.
08/15/2016 - Audacity neglected the risk.
12/11/2016 - Advisory publication date.

=====[ 5. Thanks & Acknowledgements ]===========================================

- Breno Cunha    < brenodario () gmail.com >
- Felipe Azevedo < felipe3gomes () gmail.com >
- Tempest Security Intelligence / Tempest's Pentest Team [3]

=====[ 6. References ]==========================================================

[1] http://www.audacityteam.org

[2] http://forum.audacityteam.org/viewtopic.php?f=46&t=92698

[3] http://www.tempest.com.br


#  0day.today [2018-03-28]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Jan 2017 00:00Current
6.9Medium risk
Vulners AI Score6.9
audacity vulnerabilitydll hijackremote executiontempest security intelligencedisclosure timeline
46