DLL Hijacking when Open Malicious File – Vulnerability Note
We have recently sent out newsletter informing the launch and promotion of V5, a very kind security researcher, John Carroll reported that a vulnerability issue was found in our License Manager. For those who have started using V5.1, you may have realized you can now do online license activation, as well as offline activation on your own. Odd enough offline activation is subjected to this threat, but online activation is safe from this attack.
The exploitation involved a prerequisite step, whereby the victim has to open the malicious file from a directory which the attacker controls. That’s why it was advised that user should not visit any untrustworthy remote file system locations, or WebDAV shares and open a document from these locations, because it takes user interaction for a successful attack. And of course you should not open or load any document from any untrustworthy sender, even after you upgrade to this latest version 5.1.818.1 or later. More details is available in Microsoft Development Site.
We must highlight that this is our first direct collaboration with security researcher. And this is the second contribution from this very talented security researcher, John Carroll @n0x00. We owed him big favor and it’s not sufficient by just saying thanks. Furthermore his big heart couldn’t be measured by monetary form. We highly recommend him for any security consultation or penetration test that may be required by your organization.
Summary of Event
- 12-Aug-2016: Security Researcher Contacted IntegraXor support team.
- 15-Aug-2016: Technical report for the vulnerability is received.
- 18-Aug-2016: Security fixed is issued as release candidate for general download.
- 18-Aug-2016: Security researcher confirmed the vulnerability issue has been fixed.
- 22-Aug-2016: Public announcement is made by IntegraXor support team.