Opened 15 months ago

Closed 15 months ago

Last modified 15 months ago

#12871 closed Bug report (invalid)

DLL Hijacking

Reported by: Bilal Qureshi
Owned by: Bilal Qureshi
Priority: critical
Component: FileZilla Client
Keywords: RCE, 0day, DLL Hijacking
Cc: Bilal Qureshi
Component version: FileZilla Client 3.63.1
Operating system type: Windows
Operating system version: Windows 10 Pro 64-bit


A DLL hijacking vulnerability was discovered in the latest version of FileZilla Client, 3.63.1, which allows an attacker to gain access and execute arbitrary code via a crafted DLL.

Attachments (1)

FileZilla RCE.pdf (392.0 KB) - added by Bilal Qureshi 15 months ago.
FileZilla RCE


Change History (6)

by Bilal Qureshi, 15 months ago

Attachment: FileZilla RCE.pdf added

FileZilla RCE

comment:1 by Bilal Qureshi, 15 months ago

Owner: set to Bilal Qureshi
Status: new → accepted

comment:2 by Tim Kosse, 15 months ago

Resolution: invalid
Status: accepted → closed


If you have the permissions to place such a DLL you could just as well directly replace filezilla.exe with a malicious executable.

Furthermore, if you had actually checked how and by which other component this library is being loaded, you would have realized that this is an issue you must report to Microsoft, as only they can change Windows itself.

comment:3 by Bilal Qureshi, 15 months ago

The DLL library is being executed by FileZilla, as this DLL library is programmed to be executed in the same folder by FileZilla; it's not being loaded by any other party except FileZilla itself.

comment:4 by Bilal Qureshi, 15 months ago

A DLL hijacking vulnerability exists in this version; FileZilla loads this DLL without checking whether it's legitimate to support or it's malicious.

comment:5 by Tim Kosse, 15 months ago

Please do yourself a favor and look at the call stack in a debugger at the point this DLL is being loaded.
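
The precondition raised in comment:2, as an added example that is not part of the ticket or of FileZilla's code: a PowerShell check of whether any non-administrative principal can write to the install directory or to the EXE/DLL files in it. The default `$InstallDir` path, the `Get-UntrustedWriter` helper name and the list of trusted SIDs are assumptions for illustration.

```powershell
# Added example: who, besides administrators, can write into the install directory?
param([string]$InstallDir = "$env:ProgramFiles\FileZilla FTP Client")  # assumed default path

# SIDs treated as already privileged (assumption; extend for your environment).
$trusted = @(
    'S-1-5-18',      # LocalSystem
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (inherit-only placeholder)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal create, replace or re-permission a file,
# plus the raw GENERIC_WRITE / GENERIC_ALL bits that some ACEs carry.
$r = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($r::WriteData -bor $r::AppendData -bor $r::Delete -bor
    $r::DeleteSubdirectoriesAndFiles -bor $r::ChangePermissions -bor
    $r::TakeOwnership) -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $sid.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        # Resolve the SID to a name where possible; orphaned SIDs stay numeric.
        try { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }
        [pscustomobject]@{ Path = $Path; Account = $name; Rights = $ace.FileSystemRights }
    }
}

# Check the directory itself, then every EXE and DLL directly inside it.
$targets = @($InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object { $_.FullName })

$findings = @($targets | ForEach-Object { Get-UntrustedWriter -Path $_ })
if ($findings.Count -eq 0) {
    "No non-administrative principal can write to $InstallDir or its EXE/DLL files."
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

An empty result corresponds to the situation described in comment:2, where only principals that could already replace filezilla.exe are able to place a DLL beside it.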
