Vigil@nce - Windows: privilege escalation via DLL Loading
May 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open an Office document from
a directory containing a malicious wab32res.dll library, in order
to execute code with the victim’s privileges.
Impacted products: Windows 2008 R0, Windows Vista.
Severity: 2/4.
Creation date: 08/03/2016.
Revision date: 09/03/2016.
DESCRIPTION OF THE VULNERABILITY
When an Office application opens a document containing a "For
&People..." object, the wab32res.dll library is loaded.
However, this DLL is loaded from the current directory.
An attacker can therefore invite the victim to open an Office
document from a directory containing a malicious wab32res.dll
library, in order to execute code with the victim’s privileges.
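Because the condition described above is a wab32res.dll file sitting in the same directory as an Office document, a defender can sweep file shares and download folders for that pairing. The following is an added example, not part of the Vigil@nce bulletin; the extension list, the trusted_dirs allow-list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

TARGET_DLL = "wab32res.dll"  # library name from the bulletin
# Assumption: file extensions treated as Office documents.
OFFICE_EXTS = {".doc", ".docx", ".docm", ".rtf", ".xls", ".xlsx",
               ".xlsm", ".ppt", ".pptx", ".pptm"}


def _is_under(path, parent):
    """True if path is parent itself or a directory below it."""
    return path == parent or path.startswith(parent.rstrip(os.sep) + os.sep)


def find_planted_dll(root, trusted_dirs=()):
    """Return [(dll_path, [documents])] for every directory under root that
    holds both TARGET_DLL and at least one Office document.
    trusted_dirs (assumption): directories where the DLL is expected."""
    trusted = [os.path.normcase(os.path.abspath(d)) for d in trusted_dirs]
    findings = []
    for dirpath, _subdirs, files in os.walk(root):
        here = os.path.normcase(os.path.abspath(dirpath))
        if any(_is_under(here, t) for t in trusted):
            continue
        # Windows file names are case-insensitive, so compare lower-cased.
        dlls = [f for f in files if f.lower() == TARGET_DLL]
        docs = sorted(f for f in files
                      if os.path.splitext(f)[1].lower() in OFFICE_EXTS)
        if dlls and docs:
            findings.append((os.path.join(dirpath, dlls[0]), docs))
    return findings


def build_sample_tree(base):
    """Constructed sample layout (empty files) used to exercise the sweep."""
    layout = {
        "share/incoming": ["Invoice.DOCX", "WAB32RES.DLL"],  # should be flagged
        "share/clean": ["report.xlsx"],                      # document only
        "tools": ["wab32res.dll"],                           # DLL, no document
        "trusted": ["wab32res.dll", "template.doc"],         # allow-listed
    }
    for rel, names in layout.items():
        folder = os.path.join(base, *rel.split("/"))
        os.makedirs(folder)
        for name in names:
            open(os.path.join(folder, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for dll, docs in find_planted_dll(tmp, [os.path.join(tmp, "trusted")]):
            print(f"REVIEW {dll} sits beside {docs}")
```

A hit is a lead for review, not proof of compromise: check the flagged file's signature and origin before acting on it.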
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Windows-privilege-escalation-via-DLL-Loading-19123