The issue was found by leveraging Sysinternals Process Explorer, to search through running processes for all DLLs loaded and called by running applications. ![]() While playing around with SpecterOps' automated dll hijacking discovery I found an NVIDIA DLL what was vulnerable to hijack. Often the application will behave no differently because malicious DLLs may be configured to also load the legitimate DLLs they were meant to replace or where a DLL doesn't Finding The Issue If a vulnerable application is configured to run at a higher privilege level, then the malicious DLL that is loaded will also be executed at the higher level thus achieving escalation of privilege. Essentially it is possible to force an application to load a malicious DLL by hijacking the search order used to load legitimate content. What is DLL Hijacking?ĭynamic-Link Library (DLL) search order hijacking, often shortened to DLL hijacking, is a process of exploiting execution flow of an application via external DLLs. It comes pre-bundled with all NVIDIA drivers and as a result is probably installed on your machine if you've got a NVIDIA card in your machine. The utility allows administrators to query GPU device state and with the appropriate privileges, permits administrators to modify GPU device state. ![]() The NVIDIA System Management Interface (nvidia-smi) is a command line utility, based on top of the NVIDIA Management Library (NVML), intended to aid in the management and monitoring of NVIDIA GPU devices. This is my first CVE of 2020 that's not a HoneyPoC. ![]() CVE‑2020‑5980 affects NVIDIA Windows GPU Display Driver which contains a vulnerability in multiple components where a securely loaded system DLL will load its dependencies in an insecure fashion.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |