| Title | Flos Freeware Notepad2 4.2.25 Uncontrolled Search Path |
|---|---|
| Description | Notepad2 version 4.2.25 (x86) fails to securely load the system DLL "PROPSYS.dll" by using a relative path or relying on the default Windows DLL search order without mitigation. This allows an attacker with local access to place a malicious PROPSYS.dll in a directory that precedes the legitimate System32 path in the search order (such as the application's installation directory, current working directory, or a user-writable location alongside the Notepad2 executable). When the vulnerable Notepad2 process loads PROPSYS.dll, the malicious DLL is executed in the context of the Notepad2 process. This results in arbitrary code execution with the privileges of the user running Notepad2 (typically standard user privileges), enabling actions such as installing persistence mechanisms, stealing data (e.g., keylogging or credential theft), dropping ransomware or other payloads, or pivoting to compromise additional systems on the network.<br><br>The attack leverages the trusted nature of the legitimate software to bypass user suspicion and potentially evade some antivirus detections, especially if the malicious DLL forwards calls to the genuine PROPSYS.dll to maintain application functionality and avoid crashes.<br><br>The POC video link I provide is intended to demonstrate one scenario where an attacker places a malicious PROPSYS.dll (containing reverse shell functionality) in the same directory as notepad2.exe. When the user executes notepad2.exe, the attacker's command-and-control server immediately receives an inbound shell connection from the victim's machine. |
| Source | ⚠️ https://drive.google.com/file/d/1o3A3x47B2gi645H02-28qgoIgGN-g6rK/view |
| User | haehanse (UID 95883) |
| Submission | 07/03/2026 16:35 (3 months ago) |
| Moderation | 21/03/2026 17:44 (14 days later) |
| Status | Accepted |
| VulDB Entry | 352372 [Flos Freeware Notepad2 4.2.25 PROPSYS.dll Privilege Escalation] |
| Points | 20 |
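
A defensive check for the condition described in the submission, as an added example that is not part of the original entry or of Notepad2: it lists DLLs sitting next to an executable whose names shadow a system DLL, and flags whether the content differs from the system copy. The directory layout, `helper.dll` and all file contents are constructed for the demonstration; on a real host the two paths would be the application's install directory and the Windows system directory.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """List DLLs in app_dir that share a name with a DLL in system_dir.

    The application directory is searched before the system directory,
    so such a file is loaded in place of the system copy.
    """
    # Windows file names are case-insensitive, so compare lower-cased names.
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.suffix.lower() == ".dll"}
    findings = []
    for dll in sorted(Path(app_dir).iterdir()):
        if dll.suffix.lower() != ".dll" or dll.name.lower() not in system:
            continue
        findings.append({
            "name": dll.name,
            "path": str(dll),
            # A byte-identical copy is lower priority than a different file.
            "same_as_system": sha256(dll) == sha256(system[dll.name.lower()]),
            # True when the account running the scan can write to app_dir.
            "dir_writable": os.access(app_dir, os.W_OK),
        })
    return findings


def demo():
    """Run the check on a constructed layout (all files are dummies)."""
    with tempfile.TemporaryDirectory() as root:
        system32 = Path(root, "System32")
        app = Path(root, "Notepad2")
        system32.mkdir()
        app.mkdir()
        (system32 / "propsys.dll").write_bytes(b"constructed system copy")
        (system32 / "version.dll").write_bytes(b"constructed system copy 2")
        (app / "Notepad2.exe").write_bytes(b"constructed executable")
        (app / "PROPSYS.dll").write_bytes(b"constructed planted copy")
        (app / "helper.dll").write_bytes(b"constructed app-owned DLL")
        return find_shadowing_dlls(app, system32)
```
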