SSD Advisory – ZTE uSmartView DLL Hijacking

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability summary
The following advisory describes an DLL Hijacking found in ZTE uSmartView.

ZTE uSmartView offers: “ZTE provides full series of cloud computing products (including cloud terminals, cloud desktops, virtualization software, and cloud storage products) and end-to-end integrated product, which can be applied to different scenarios such as office, training classroom, multimedia classroom, and business hall.”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor Response
ZTE has been notified on the 13th of August 2017, several emails were exchanged, but no ETA for a fix or workaround have been provided for the following vulnerabilities.

Continue reading SSD Advisory – ZTE uSmartView DLL Hijacking

SSD Advisory – Dashlane DLL Hijacking

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a DLL Hijacking vulnerability found in Dashlane.

Dashlane is “a password manager app and secure digital wallet. The app is available on Mac, PC, iOS and Android. The app’s premium feature enables users to securely sync their data between an unlimited number of devices on all platforms.”

Credit
An independent security researcher, Paulos Yibelo, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We have informed Dashlane of the vulnerability, their answer was: “Since there are many ways to load DLLs/code in a process under Windows, we are currently rewriting part of the installer to install in Program Files (we use %appdata% for the non admin users like many other applications), and you can already replace DLLl/exe if you are privileged to write in the user %appdata%/…/dashlane directory, we won’t change the current way of loading DLLs in the short term.”

At this time there is no solution or workaround for this vulnerability.

CVE: CVE-2017-11657
Continue reading SSD Advisory – Dashlane DLL Hijacking