Acunetix version 10 suffers from multiple dll hijacking vulnerabilities.
f9156bed3c4501962e7c625db7d1820c157af7c061dbcc82b917eb9966b17fccTitle: Acunetix 10 Multi DLL Hajacking
Application: Acunetix
Versions Affected: 10.0
Vendor URL: http://www.acunetix.com
Discovered by: Ashiyane Digital Security Team
Tested on: Windows 10
Bugs: DLL Hajacking
Date: 22-Nov-2016
Description:
A local dll injection vulnerability has been discovered in the official
Acunetix software.The issue allows local attackers to inject code to
vulnerable libraries to compromise the process or to gain higher access
privileges.
Affected Area(s):
ssleay32.dll
libeay32.dll
pcre.dll
sqlite3.dll
SciLexer.dll
Proof of Concept:
For security demonstration or to reproduce the vulnerability follow the
provided information and steps below to continue.
Manual steps to reproduce the local vulnerability ...
1. Compile dll and rename to 'libeay32.dll' or other effected areas
2. Copy libeay32.dll[or other effected areas] to C:\Program Files
(x86)\Acunetix\Web Vulnerability Scanner 10
3. Launch wvs.exe
4. MessageBox Executed..!
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed