pidgin 2.11.0 DLL Hijacking Vulnerability
mehta.himanshu21 at gmail.com
Fri Jul 15 14:45:34 EDT 2016
I have downloaded the file from https://www.pidgin.im/download/
I confirm that the vulnerability is in the pidgin installer, and so request you to
test it again.
Thanks & Regards,
On Thu, Jul 14, 2016 at 8:58 PM, Daniel Atallah <daniel.atallah at gmail.com> wrote:
> Himanshu Mehta,
> This looks like it's probably a bug in the NSIS installer framework.
> I suggest that you report the bug to the NSIS folks as the bug will likely
> need to be fixed there before we can fix it in Pidgin (apart from switching
> to a different installer framework) - it also likely affects other usage of
> the common NSIS framework.
> On Jul 14, 2016 8:05 AM, "Himanshu Mehta" <mehta.himanshu21 at gmail.com> wrote:
>> Please request a CVE.
>>
>> Summary: pidgin contains a DLL hijacking vulnerability that could allow an
>> unauthenticated, remote attacker to execute arbitrary code on the targeted
>> system. The vulnerability exists because some DLL file is loaded improperly
>> by 'pidgin_2.11.0.exe'. It allows an attacker to load a DLL
>> file of the attacker's choosing that could execute arbitrary code without
>> the user's knowledge.
>>
>> Affected Product: pidgin 2.11.0
>>
>> Impact: An attacker can exploit this vulnerability to load a DLL file of the
>> attacker's choosing that could execute arbitrary code. This may help
>> an attacker to successfully exploit the system if the user creates a shell as a DLL.
>>
>> Vulnerability Scoring Details: The vulnerability classification has been
>> performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
>> Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
>>
>> More Details: For software downloaded with a web browser the application
>> directory is typically the user's "Downloads" directory: see
>> and http://seclists.org/fulldisclosure/2012/Aug/134 for "prior art"
>> about this well-known and well-documented vulnerability.
>> If an attacker places a malicious DLL in the user's "Downloads" directory
>> (for example per "drive-by download" or "social engineering") this
>> vulnerability becomes a remote code execution.
>>
>> Proof of concept/demonstration:
>> 1. Create a malicious ntmarta.dll file and save it in your "Downloads" directory.
>> 2. Download pidgin_2.11.0.exe from and save it in your "Downloads" directory.
>> 3. Execute pidgin_2.11.0.exe from your "Downloads" directory.
>> 4. Malicious dll file gets executed.
>>
>> Thanks & Regards,
>> Himanshu Mehta
>> security mailing list
>> security at pidgin.im
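
A defensive check for the condition described in the report above, added here as an example and not part of the original thread: it lists DLLs in a download directory whose names match DLLs in the Windows system directory, since those are the files an installer started from that directory could load in place of the system copy. The function names and the default paths in the `__main__` section are assumptions.

```python
"""Audit a download directory for DLLs that shadow Windows system DLLs."""
import os
from pathlib import Path


def _files_with_suffix(directory, suffix):
    # Windows file names are case-insensitive, so compare suffixes lower-cased.
    return sorted(p for p in Path(directory).iterdir()
                  if p.is_file() and p.suffix.lower() == suffix)


def find_shadowing_dlls(download_dir, system_dir):
    """Return one finding per DLL in download_dir named like a system DLL.

    An executable started from download_dir has that directory as its
    application directory, so a same-named DLL there can be picked up
    before the copy in system_dir.
    """
    system_names = {p.name.lower()
                    for p in _files_with_suffix(system_dir, ".dll")}
    executables = [p.name for p in _files_with_suffix(download_dir, ".exe")]
    findings = []
    for dll in _files_with_suffix(download_dir, ".dll"):
        if dll.name.lower() in system_names:
            findings.append({
                "dll": dll.name,
                "size": dll.stat().st_size,
                # Executables sharing the directory that could load the DLL.
                "exposed_executables": executables,
            })
    return findings


if __name__ == "__main__":
    if os.name == "nt":
        # Assumed default locations; adjust for redirected profile folders.
        downloads = Path.home() / "Downloads"
        system32 = Path(os.environ["SystemRoot"]) / "System32"
        for finding in find_shadowing_dlls(downloads, system32):
            exes = ", ".join(finding["exposed_executables"]) or "none"
            print(finding["dll"], "shadows a system DLL; executables in the "
                  "same directory:", exes)
    else:
        print("Run this on the Windows host being audited.")
```

A hit is not proof of malice, but a system-named DLL in a download directory has no ordinary reason to be there and should be examined before any installer is run from that directory.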