- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Re: The vulnerability is in the form of DLL Hijacking.
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
The vulnerability is in the form of DLL Hijacking.
The installers try to load DLLs that don’t exist from its current directory;
For our Driver .exe, The installer tries to load a dll named “RICHED20.dll”. by doing so, he can quickly escalate its privileges.
Additional missing DLL List:
1.LZ32.dll
2. VERSION.dll
3. WINMM.dll
4. msi.dll
5. DNSAPI.dll
6. WINMMBASE.dll
7. PROPSYS.dll
8. RICHED32.dll
9. USP10.dll
10. msls31.dll
11. sfc_os.dll
Steps to reproduce:
1. Use DLL proxy to OS DLLs, I assume you don't need source code of an exploit doing that.
2. Place the malicious dll in the current directory of the installer
3. Finally, the installer tries to load DLLs from the current directory like RICHED20.dll for our Driver .exe and many more dlls that could also be hijacked.
Impact:
1. Privilege Escalation
2. DoS
Mitigation:
Don’t load DLLs from the current directory
We use installShield 2015 premier.
Do you know installShield version resolved this security issue?
or this security issue still remains in the most recent installShield version?
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi - this issue has been addressed in Installshield 2016 SP2 onwards. Full details of this can be found in the following link including hotfix's for earlier versions:
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Thank you for your answer.
Maybe this issue is resolved for all window environment in Installshield 2016 SP2 onwards?
This issue is not reproduced in clean window environment.
but it it reproduced in window installed security tool or vaccine.
Also is this considered depending on user PC environment ?
Please kindly let me know
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Get GoGPayslip your e payslip effectively and rapidly so you can go anyplace on versatile or PCs using the web. Is it accurate to say that it isn’t convenient.