cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
eunmiko
Level 2

The vulnerability is in the form of DLL Hijacking.

The installers try to load DLLs that don’t exist from its current directory;

For our Driver .exe, The installer tries to load a dll named “RICHED20.dll”. by doing so, he can quickly escalate its privileges.

Additional missing DLL List:

1.LZ32.dll

2. VERSION.dll

3. WINMM.dll

4. msi.dll

5. DNSAPI.dll

6. WINMMBASE.dll

7. PROPSYS.dll

8. RICHED32.dll

9. USP10.dll

10. msls31.dll

11. sfc_os.dll

Steps to reproduce:

1. Use DLL proxy to OS DLLs, I assume you don't need source code of an exploit doing that.

2. Place the malicious dll in the current directory of the installer

3. Finally, the installer tries to load DLLs from the current directory like RICHED20.dll for our Driver .exe and many more dlls that could also be hijacked.

Impact:

1. Privilege Escalation

2. DoS

Mitigation:

Don’t load DLLs from the current directory


We use installShield 2015 premier.

Do you know installShield  version resolved this security issue?

or this security issue still remains in the most recent   installShield  version?

Labels (1)
0 Kudos
(3) Replies
shunt
Revenera Moderator Revenera Moderator
Revenera Moderator

Hi - this issue has been addressed in Installshield 2016 SP2 onwards. Full details of this can be found in the following link including hotfix's for earlier versions:

https://community.flexera.com/t5/InstallShield-Knowledge-Base/Windows-loads-a-different-library-or-launches-a-different/ta-p/4739

 

Thank you for your answer.

Maybe this issue is resolved for all window environment in Installshield 2016 SP2 onwards?

This issue is not reproduced in clean window environment.

but it it reproduced in window installed security tool or vaccine.

Also is this considered depending on user PC environment ?

Please kindly let me know

 

0 Kudos

Get GoGPayslip your e payslip effectively and rapidly so you can go anyplace on versatile or PCs using the web. Is it accurate to say that it isn’t convenient.

 

GoGPayslip Login Ghana | Access Payslip Online 

0 Kudos