VMWare Horizon 5.4 DLL Hijacking

Posted on 23 May 2017

# Exploit Title: [vmware horizon client 5.4 - DLL Hijacking] # Date: [date] # Discoverer: [Owais Mehtab, Tayeeb Rana] # Vendor Homepage: [https://vmware.com] # Software Link: [https://my.vmware.com/web/vmware/details?productId=331&downloadGroup=VIEWCLIENTS_WIN64_540] # Version: [5.4 5.4.0.2007] # Tested on: [Win7 Sp1] VMWare Horizon Client 5.4 other versions may also be affected Description:- The application suffers from dll hijacking vulneravbility since it looks for a dll named Trutil.dll without explicitly calling it from absolute path Exploitation:- create a malicious dll and place it under the vmware horizon client installation folder or any folder that is defined in PATH variable named as Trutil.Dll Now wait for service/application to start to get shell.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Apache Solr Backup/Restore API Remote Code Execution
Nginx 1.25.5 Host Header Validation
Relate Learning And Teaching System SSTI / Remote Code Execution
Flowise 1.6.5 Authentication Bypass
WordPress Background Image Cropper 1.2 Shell Upload

Last 20