Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

The latest Baidunetdisk for windows pc client has a dll hijacking vulnerability Baidunetdisk download address: https://pan.baidu.com/download

Runn baidunetdisk.exe will load 10 dll files

MFPlat.dll
RTWorkQ.DLL
msmpeg2vdec.dll
msvproc.dll
UMPDC.dll
dxgi.dll
d3d11.dll
dcomp.dll
D3DSCache.dll
midimap.dll

The attacker only needs to put the elaborate dll in the root directory of Baidunetdisk