Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

The name of an affected Product : Genymotion Desktop

CVE ID: CVE-2022-48077

Researcher: Abdullah Khawaja

Vendor HomePage Link: https://www.genymotion.com

Software Link: https://dl.genymotion.com/releases/genymotion-3.3.2/genymotion-3.3.2.exe

Affected Version : 3.3.2

Vulnerability Type : DLL Hijacking

Description : profapi.dll is missing so an attacker can use a malicious dll with same name and can get a admin privileges and also perform a way of persistence on the victim machine.

Impact : An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM PRIVILEGES as well the attacker can maintain persistence on the target system.