[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Sony PS4 Remote Play - DLL Hijack vulnerability

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] Sony PS4 Remote Play - DLL Hijack vulnerability
From: Maelstrom Security via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Date: Sat, 09 Dec 2017 14:36:27 -0500

Application: PS4 Remote Play
Application Version: 2.5.0.9220
Platform: Windows
Vendor: Sony
Notified at: secure@xxxxxxxx (3 months ago),no reply, and still no fix...

PS4 Remote Play application is vulnerable to DLL Hijacking Vulnerability. If 
executable is installed in unprotected directories (where any user can have 
access)or in portable form (which is often installed outside of program files 
or %windir%) it is possible to hijack DLL by placing malformed dll in 
application directory and run malicious actions (arbitrary code execute with 
the privilige level of executing user) when application loads the dll.

Affected Library List
---------------------
VERSION.dll
CRYPTSP.dll
DWrite.dll
iphlpapi.dll
rasapi32.dll
rtutils.dll
winhttp.dll
secur32.dll
WindowsCodecs.dll
RichEd20.DLL
d3d9.dll
igdumd32.dll
WtsApi32.dll
WINSTA.dll
USERENV.dll
WindowsCodecsExt.dll
urlmon.dll
AUDIOSES.DLL

More info & Remediation:
https://blogs.technet.microsoft.com/srd/2010/08/23/more-information-about-the-dll-preloading-remote-attack-vector/

Thank You,
Maelstrom Security

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL Access
Next by Date: [FD] SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution
Previous by thread: [FD] Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL Access
Next by thread: [FD] SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution
Index(es):
- Date
- Thread