vendor:
Hubstaff
by:
Ahsan Azad
N/A
CVSS
HIGH
DLL Search Order Hijacking
427
CWE
Product Name: Hubstaff
Affected Version From: 1.6.13
Affected Version To: 1.6.14
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: 64-bit operating system, x64-based processor
2023
Hubstaff 1.6.14-61e5e22e – ‘wow64log’ DLL Search Order Hijacking
During testing, it was found that the system32 subdirectory was missing a DLL library with the name wow64log.dll that had been required by the hubstaff's setup file during installation. Hence, using Metasploit's msfvenom to create a new wow64log.dll file, Tester was able to get a reverse shell locally.
Mitigation:
Vendor should ensure that all required DLL libraries are included in the system32 subdirectory during installation.