#12871 closed Bug report (invalid)
DLL Hijacking
| Field | Value |
|---|---|
| Reported by | Bilal Qureshi |
| Owned by | Bilal Qureshi |
| Priority | critical |
| Component | FileZilla Client |
| Keywords | RCE, 0day, DLL Hijacking |
| Cc | Bilal Qureshi |
| Component version | FileZilla Client 3.63.1 |
| Operating system type | Windows |
| Operating system version | Windows 10 Pro 64-bit |
Description
A DLL Hijacking vulnerability has been discovered in the latest version of FileZilla Client, 3.63.1, which allows an attacker to gain access and execute arbitrary code via a crafted DLL.
Attachments (1)
Change History (6)
by , 22 months ago
Attachment: | FileZilla RCE.pdf added |
---|
comment:1 by , 22 months ago
Owner: | set to |
---|---|
Status: | new → accepted |
comment:2 by , 22 months ago
Resolution: | → invalid |
---|---|
Status: | accepted → closed |
Bollocks.
If you have the permissions to place such a DLL you could just as well directly replace filezilla.exe with a malicious executable.
Furthermore, if you had actually checked how and by which other component this library is being loaded, you would have realized that this is an issue you must report to Microsoft, as only they can change Windows itself.
comment:3 by , 22 months ago
The DLL library is being executed by FileZilla, as this DLL library is programmed to be executed in the same folder by FileZilla; it's not being loaded by any other party except FileZilla itself.
comment:4 by , 22 months ago
A DLL Hijacking vulnerability exists in this version; FileZilla loads this DLL without checking whether it's legitimate to support or it's malicious.
comment:5 by , 22 months ago
Please do yourself a favor and look at the call stack in a debugger at the point this DLL is being loaded.
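The thread turns on who has permission to place files in the application directory, which can be checked directly from the directory's ACL. The PowerShell below is an added example, not part of the ticket or of FileZilla's code; the function name, the install path and the list of SIDs treated as expected writers are assumptions.

```powershell
# Added example: list ACEs that let unexpected principals modify a directory.
function Get-UnexpectedWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    # Rights that allow creating, replacing or re-permissioning files,
    # plus the raw GENERIC_ALL / GENERIC_WRITE bits some inherited ACEs carry.
    $named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $writeMask = [int]$named -bor 0x10000000 -bor 0x40000000

    # Assumption: principals that normally hold write access under Program Files.
    $expected = @(
        'S-1-5-18',       # SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-3-0',        # CREATOR OWNER (only admins can create objects here)
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        $sid = $ace.IdentityReference.Value
        if ($expected -contains $sid) { continue }

        # Resolve the SID to a name when possible; orphaned SIDs stay as-is.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }

        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$dir = Join-Path $env:ProgramFiles 'FileZilla FTP Client'   # assumed install path
$findings = @(Get-UnexpectedWriteAce -Path $dir)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    "No unexpected write access on $dir"
}
```

Any row returned means a principal outside the expected list can create or replace files in that directory, executables and DLLs alike.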