DLL hijacking is an attack that exploits the Windows DLL search and load algorithm, allowing an attacker to inject code into an application through disk manipulation. In other words, simply putting a DLL file in the right place causes a vulnerable application to load that malicious DLL.
Vulnerable Application: https://www.advanced-ip-scanner.com
Vulnerable Version: Advanced_IP_Scanner_2.5.3850
Vulnerable DLL: C:\Users\<NAME OF USER>\AppData\Local\Temp\Advanced IP Scanner 2\dnssd.dll
Steps to reproduce:
1 – Put a malicious DLL at the Vulnerable DLL path
2 – Open Advanced IP Scanner and run it in portable mode
3 – The malicious DLL is executed
This vulnerability has been published according to the responsible disclosure model. The vulnerability is still present in the product.
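One way to detect loads from the path above, added here as an example and not part of the original advisory: the code triages Sysmon Event ID 7 (ImageLoad) records for dnssd.dll loaded from the Temp directory. Field names follow Sysmon's ImageLoad schema; the sample events, user names, loading-process path and hashes are constructed placeholders.

```python
import re
from typing import Optional

# Load path from the advisory; the user name is a wildcard and matching is
# case-insensitive, as Windows paths are.
HIJACK_PATH = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\Advanced IP Scanner 2\\dnssd\.dll$",
    re.IGNORECASE,
)

def classify_image_load(event: dict) -> Optional[str]:
    """Classify one Sysmon Event ID 7 record: 'alert', 'review' or None."""
    if not HIJACK_PATH.match(event.get("ImageLoaded", "")):
        return None
    signed = event.get("Signed", "").lower() == "true"
    valid = event.get("SignatureStatus", "").lower() == "valid"
    # The directory is user-writable, so even a validly signed load deserves a
    # hash comparison against a known-good copy; anything else is an alert.
    return "review" if signed and valid else "alert"

def triage(events):
    """Return (verdict, user, loading image, hashes) for each matching event."""
    findings = []
    for ev in events:
        verdict = classify_image_load(ev)
        if verdict:
            findings.append((verdict, ev.get("User", ""),
                             ev.get("Image", ""), ev.get("Hashes", "")))
    return findings

# Constructed sample events (not real telemetry); the process path, users and
# hashes are placeholders.
TEMP = r"\AppData\Local\Temp\Advanced IP Scanner 2\dnssd.dll"
SAMPLE_EVENTS = [
    {"User": "LAB\\alice", "Image": r"C:\Users\alice\Downloads\scanner_portable.exe",
     "ImageLoaded": r"C:\Users\alice" + TEMP, "Signed": "false",
     "SignatureStatus": "Unavailable", "Hashes": "SHA256=<constructed-1>"},
    {"User": "LAB\\bob", "Image": r"C:\Users\bob\Desktop\scanner_portable.exe",
     "ImageLoaded": r"c:\users\BOB\appdata\local\temp\advanced ip scanner 2\DNSSD.DLL",
     "Signed": "true", "SignatureStatus": "Valid", "Hashes": "SHA256=<constructed-2>"},
    {"User": "LAB\\bob", "Image": r"C:\Users\bob\Desktop\scanner_portable.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid", "Hashes": "SHA256=<constructed-3>"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```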