Home / os / winmobile

VMWare Horizon 5.4 DLL Hijacking

Posted on 23 May 2017

# Exploit Title: [vmware horizon client 5.4 - DLL Hijacking] # Date: [date] # Discoverer: [Owais Mehtab, Tayeeb Rana] # Vendor Homepage: [https://vmware.com] # Software Link: [https://my.vmware.com/web/vmware/details?productId=331&downloadGroup=VIEWCLIENTS_WIN64_540] # Version: [5.4 5.4.0.2007] # Tested on: [Win7 Sp1] VMWare Horizon Client 5.4 other versions may also be affected Description:- The application suffers from dll hijacking vulneravbility since it looks for a dll named Trutil.dll without explicitly calling it from absolute path Exploitation:- create a malicious dll and place it under the vmware horizon client installation folder or any folder that is defined in PATH variable named as Trutil.Dll Now wait for service/application to start to get shell.

 

TOP