Skip to content

Instantly share code, notes, and snippets.

@hax3xploit

hax3xploit/GenymotionDesktop.md Secret

Last active December 23, 2023 16:04
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hax3xploit/3210813c7221f3ae505494da57f26cbc to your computer and use it in GitHub Desktop.
Save hax3xploit/3210813c7221f3ae505494da57f26cbc to your computer and use it in GitHub Desktop.
Download ZIP
DLL Search Order Hijacking
Raw
GenymotionDesktop.md

The name of an affected Product : Genymotion Desktop

Researcher: Abdullah Khawaja

Vendor HomePage Link: https://www.genymotion.com

Software Link: https://dl.genymotion.com/releases/genymotion-3.3.2/genymotion-3.3.2.exe

Affected Version : 3.3.2

Vulnerability Type : DLL Hijacking

Description : profapi.dll is missing so an attacker can use a malicious dll with same name and can get a admin privileges and also perform a way of persistence on the victim machine.

Impact : An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM PRIVILEGES as well the attacker can maintain persistence on the target system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment