Xshell5 version 5.0 build 1124 suffers from a dll hijacking vulnerability.
adc9cfccf64d4a92b0becac91603ad2491206bbe65dbe08df6868b17d64fd5f9[+] Title: Xshell5 - "api-ms-win-appmodel-runtime-l1-1-0" DLL Loading Arbitrary Code Execution.
[+] Credits / Discovery: Nassim Asrir
[+] Author Email: wassline@gmail.com
[+] Author Company: Henceforth
Vendor:
===============
https://www.netsarang.com/
Product Version:
===============
5.0 Build 1124
Download:
===========
https://www.netsarang.com/xshell_download.html
About Product:
===============
Xshell is a powerful terminal emulator that supports SSH, SFTP, TELNET, RLOGIN and SERIAL. It delivers industry leading performance and feature sets that are not available in its free alternatives. Features that enterprise users will find useful include a tabbed environment, dynamic port forwarding, custom key mapping, user defined buttons, VB scripting, and UNICODE terminal for displaying 2 byte characters and international language support.
Vulnerability Type:
======================================
DLL Loading Arbitrary Code Execution.
CVE Reference:
===============
N/A
Tested on:
===============
Windows 7 - Winxp
Exploit/POC:
============
The Setup Launcher for Xshell5 is vulnerable to DLL Arbitrary Code Execution.
1) Download the DLL from: https://mega.nz/#!OYQwxJSJ!Uwaq5N1_1hWlFtPQDgCgKRF2A9kiJvF3g6FmbZ1vM7s.
2) Then copy the DLL to the Xshell5 setup directory.
3) Launch the Setup Launcher then the command "calc" execute, and DONE.
Network Access:
===============
Remote - Local
Impact:
=================
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed