TallyEditLog version 2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.

gistfile1.txt

Steps 

> [Suggested description]
> TallyEditLog version 2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. An attacker can upload malicious dll files on the system and lead to complete system compromise including loss of data.
>
> ------------------------------------------
>
> [Additional Information]
> Proof Of Concept: https://drive.google.com/drive/folders/1x7IYZDc2Wqn2kUdtINotjd8EDe_vWSYR?usp=drive_link
> Vendor HomePage Link: https://tallysolutions.com/
> Software Link: https://tallysolutions.com/download/support-files/
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> DLL Hijacking
>
> ------------------------------------------
>
> [Vendor of Product]
>Tally
>
> ------------------------------------------
>
> [Affected Product Code Base]
> TallyEditLog - 2.1
>
> ------------------------------------------
>
> [Affected Component]
> TextShaping.dll
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> TextShaping.dll is missing from Installed path of Easy Chat Server so an attacker can craft malicious dll with same name and can execute arbitrary code on system or also perform way of persistence on victim machine
>
> ------------------------------------------
>
> [Reference]
> https://tallysolutions.com/download/support-files/

>
> ------------------------------------------
>
> [Discoverer]
> Manpreet Singh Kheberi

Use  CVE-2024-48091