Headline
CVE-2022-48077: DLL Search Order Hijacking
Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.
The name of an affected Product : Genymotion Desktop****Vendor HomePage Link: https://www.genymotion.com****Software Link: https://dl.genymotion.com/releases/genymotion-3.3.2/genymotion-3.3.2.exe****Affected Version : 3.3.2****Vulnerability Type : DLL Hijacking****Description : profapi.dll is missing so an attacker can use a malicious dll with same name and can get a admin privileges and also perform a way of persistence on the victim machine.****Impact : An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM PRIVILEGES as well the attacker can maintain persistence on the target system.