| Title | Google Earth Pro v7.3.4.8642 - DLL Hijacking |
|---|
| Description | Title: Google Earth Pro v7.3.4.8642 - DLL Hijacking PoC
Date: 07/09/2022
Author: MrEmpy
Vendor Homepage: https://www.google.com/
Software Link: https://www.google.com.br/earth/
Version: 7.3.4.8642
Tested on: Windows
Title:
================
Google Earth Pro v7.3.4.8642 - DLL Hijacking PoC
Summary:
================
Google Earth Pro version 7.3.4.8642 is vulnerable to a DLL Hijacking attack by exchanging a DLL in the software's main directory. DLL swapping can lead a malicious user to arbitrarily execute malicious code.
This vulnerability is considered a day 0 fault, as it was discovered recently and the company responsible for the software was not notified or aware of this issue.
Affected Product:
================
Google Earth Pro v7.3.4.8642
Proof of Concept:
================
There is a video demonstrating the attack. The video doesn't show in detail, because as mentioned above, this flaw was discovered recently and the company that owns the software doesn't know this weakness.
https://www.youtube.com/watch?v=YGOWlIXf5-0 |
|---|
| Source | ⚠️ https://www.google.com.br/earth/ |
|---|
| User | mrempy (UID 24379) |
|---|
| Submission | 09/07/2022 15:30 (4 years ago) |
|---|
| Moderation | 09/16/2022 07:14 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 208721 [Google Earth Pro 7.3.4.8642 on Windows uncontrolled search path] |
|---|
| Points | 20 |
|---|