SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Physical Security
#
Video
#
CIOs
CyFox identifies critical hijacking vulnerability in popular streaming software
Thu, 3rd Aug 2023
Author image
By Catherine Knowles, Journalist
Follow us

CyFox has recently identified a critical hijacking vulnerability in Stremio 4.4, a popular and versatile software platform for streaming movies and TV shows. With more than 5 million users relying on Stremio for their entertainment needs, this vulnerability poses a significant risk to their security and data.

The vulnerability, known as "Application Directory DLL Planting," allows attackers to exploit DLL (Dynamic Link Library) hijacking, which in turn enables them to execute arbitrary code with the privileges of the targeted application or escalate their privileges on the system. The consequences of this vulnerability can be severe, ranging from remote code execution to information theft and system compromise.

By exploiting this vulnerability, attackers can gain unauthorised access to systems, steal sensitive data, and potentially compromise the entire network. Given the large user base of Stremio, the potential impact of this vulnerability is a cause for concern.

Stremio relies on DLLs (Dynamic Link Libraries), which are fundamental to Windows and many applications, enabling a modular approach to software development, encouraging code reuse, and accessing shared functions and resources for smooth operation.

The vulnerability in Stremio arises from the use of two Windows API functions, LoadLibraryA and LoadLibraryExA, with the latter providing attackers the opportunity to plant malicious DLLs in the application directory, leading to unauthorised code execution.

CyFox researchers have identified four vulnerable DLL files: SspiCli.dll, RTWorkQ.dll, profapi.dll, and UMPDC.dll. By leveraging msfvenom, the researchers successfully obtained a reverse shell on the remote target, highlighting the severity of this vulnerability.

Attackers can exploit DLL hijacking in Stremio to achieve various malicious objectives, including:

  • Remote Code Execution: Substituting legitimate DLLs with malicious ones enables attackers to execute code remotely, leading to unauthorised access and potential data theft.
  • Privilege Escalation: If an application with elevated privileges loads a vulnerable DLL from an untrusted location, attackers can execute code with elevated privileges, bypassing security controls.
  • Information Theft: Attackers can intercept and manipulate sensitive data passing through the hijacked DLL, allowing them to steal login credentials and confidential information.
  • System Compromise: This vulnerability can serve as an entry point for attackers to gain broader access to the system and potentially establish persistent backdoors.

Nir Yehoshua, Chief Researcher and Team Leader at CyFox, says, "The discovery of this vulnerability in Stremio underscores the importance of continuous vigilance in the realm of cybersecurity. At CyFox, we remain committed to empowering users and organisations with knowledge to secure their digital landscapes."

Related stories
BeyondTrust lauded as a leader in Identity Threat Detection
Cradlepoint launches rapid-deploy secure network solution NetCloud SASE
Ransomware attacks rise in global food & agriculture sector
BeyondTrust's 2024 report reveals top Microsoft vulnerabilities
Former Google Cloud VP Jeff Reed joins Vectra AI as Chief Product Officer
Top stories
Australian businesses fast-track Microsoft cloud adoption amid cyber threats
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity