MULTIPLE VULNERABILITY REPORT: Multiple DLL Hijacking Vulnerability in CygWin setup-x86_64.exe
Csaba Ráduly
rcsaba@gmail.com
Sun Feb 11 19:19:09 GMT 2024
On 06/02/2024 23:10, Kaz Kylheku via Cygwin wrote:
> On 2024-02-04 21:22, Suman Chakraborty via Cygwin wrote:
>> 1. Executive Summary:
>>
>> The vulnerability pertains to not finding
>> the profapi.dll, CFGMGR32.dll, edputil.dll, urlmon.dll, SspiCli.dll,
>> Wldp.dll, MPR.dll, ServicingCommon.dll, TextShaping.dll, CRYPTBASE.DLL,
>> PROPSYS.dll and insecure loading of dynamic link libraries (DLLs),
>> specifically profapi.dll. If exploited, this vulnerability could allow an
>> attacker to execute arbitrary code on a victim's machine, potentially
>> leading to data breaches, system compromise, and other malicious activities.
> By what means is setup.exe probing these DLLs?
>
> I don't see any references to profapi.dll in its source tree
> (git grep -i profapi turns up nothing).
According to Dependecy Walker, profapi.dll is a dependency of userenv.dll,
which in turn is a dependency of sechost.dll,
which in turn is a dependency of advapi32.dll
I don't think setup-x86_64.exe has any say in how these dependencies are
loaded.
Csaba
--
Life is complex, with real and imaginary parts.
More information about the Cygwin
mailing list