what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Audacity 2.1.2 DLL Hijacking

Audacity 2.1.2 DLL Hijacking
Posted Jan 4, 2017
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence Advisory ADV-7/2016 - Audacity version 2.1.2 is vulnerable to dll hijacking as it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such dll on the system directory. This behavior results in an exploitable dll hijacking vulnerability, even if the SafeDllSerchMode flag is enabled.

tags | advisory
SHA-256 | 40d084801ba07dda72838efafa5dcf50fc384632d13c75c174d64d1ab807aa8a

Audacity 2.1.2 DLL Hijacking

Change Mirror Download
=====[ Tempest Security Intelligence - ADV-7/2016 ]=============================

Unsafe DLL search path in Audacity 2.1.2

Author: Felipe Xavier Oliveira < engfilipeoliveira89 () gmail.com >

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents ]======================================================

1. Overview
2. Detailed description
3. Further attack scenarios
4. Timeline of disclosure
5. Thanks & Acknowledgements
6. References

=====[ 1. Overview ]============================================================

* System affected : Audacity [1].
* Software Version : 2.1.2 (other versions may also be affected).
* Impact : A user may be infected by opening an audio file in
Audacity, from an untrusted location i.e. usb flash drive,
network file share.

=====[ 2. Detailed description ]================================================

Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load
avformat-55.dll without supplying the absolute path, thus relying upon the
presence of such DLL on the system directory. This behavior results in an
exploitable DLL Hijack vulnerability, even if the SafeDllSerchMode flag is
enabled.

The vulnerability report can be found at the following URL:

http://forum.audacityteam.org/viewtopic.php?f=46&t=92698

Audacity neglected the risk associated with the vulnerability [2].

=====[ 3. Further attack scenarios ]============================================

The attacker can place a malicious dll named avformat-55.dll in the same folder
of an Audacity project file. Upon opening the project file Audacity will load
and execute the malicious code within its proccess context. The attack may be
carried out remotely by inducing the victim to open the project file from an
external storage device or a network file share.

=====[ 4. Timeline of disclosure ]==============================================

08/15/2016 - Reported vulnerability.
08/15/2016 - Audacity neglected the risk.
12/11/2016 - Advisory publication date.

=====[ 5. Thanks & Acknowledgements ]===========================================

- Breno Cunha < brenodario () gmail.com >
- Felipe Azevedo < felipe3gomes () gmail.com >
- Tempest Security Intelligence / Tempest's Pentest Team [3]

=====[ 6. References ]==========================================================

[1] http://www.audacityteam.org

[2] http://forum.audacityteam.org/viewtopic.php?f=46&t=92698

[3] http://www.tempest.com.br

=====[ EOF ]====================================================================
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close