2022/03/30 - AttacheCase may insecurely load Dynamic Link Libraries
AttacheCase may insecurely load Dynamic Link Libraries
[ Reproduction procedure ]
Placing a maliciously modified "dwmapi.dll" in the location of the "AttacheCase4" executable file (AttacheCase.exe) that may allow arbitrary code to be executed.
[ Target version ]
[ Avoidance and countermeasures ]
Please update to the latest version as soon as possible.
More specifically, instead of searching for the location of the executable file (AttacheCase.exe), "dwmapi.dll" is necessary for the operation of AttacheCase4, was modified to search and load only in "system32".
When loading "dwmapi.dll", load it directly from the "system32" directory.