Discord Untrusted Search Path Vulnerability in profapi.dll

Vulnerability

An untrusted search path vulnerability involving the profapi.dll library has been identified in Discord versions prior to 1.0.9177 on Windows. The application loads DLL files from its local installation folder, and 'profapi.dll' does not exist there, so a file planted under that name is loaded and its code runs inside the application. Such manipulation could potentially lead to remote code execution via DLL injection.

Impact

Exploitation of this vulnerability could allow for operating system command injection, with the possibility of remote code execution through DLL injection.

Reproduction

To reproduce this vulnerability, install a vulnerable version of Discord on Windows. During the application's startup, it will load DLL files from the local installation directory. Place a malicious 'profapi.dll' file in the installation folder. The application will load this DLL, allowing the injected code to execute. This process takes advantage of the untrusted search path, where the application fails to verify the integrity of the DLL being loaded.
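A defender can check an installation for both conditions described above: a build older than 1.0.9177, and a 'profapi.dll' sitting in the installation folder where none should exist. The following is an added example, not code from Discord or from this advisory; the `app-<version>` subfolder naming and the `%LOCALAPPDATA%\Discord` default root are assumptions about the install layout.

```python
import os
import re
import sys
from pathlib import Path

FIXED_VERSION = (1, 0, 9177)  # advisory: versions prior to this are affected
TARGET_DLL = "profapi.dll"    # DLL name given in the advisory
# Assumption: each installed build sits in a subfolder named app-<version>.
APP_DIR_RE = re.compile(r"^app-(\d+)\.(\d+)\.(\d+)$")


def audit_install(root):
    """Return one finding per app-<version> folder found directly under root."""
    root = Path(root)
    findings = []
    if not root.is_dir():
        return findings
    for entry in sorted(root.iterdir()):
        match = APP_DIR_RE.match(entry.name)
        if not match or not entry.is_dir():
            continue
        version = tuple(int(part) for part in match.groups())
        # Windows file names are case-insensitive, so compare lowercased names.
        # Only the folder itself is checked: the advisory places the DLL there.
        unexpected = sorted(
            str(p) for p in entry.iterdir()
            if p.is_file() and p.name.lower() == TARGET_DLL
        )
        findings.append({
            "dir": str(entry),
            "version": version,
            "affected_version": version < FIXED_VERSION,
            "unexpected_dll": unexpected,
        })
    return findings


def needs_attention(finding):
    """True for an affected build or a folder that already holds profapi.dll."""
    return finding["affected_version"] or bool(finding["unexpected_dll"])


if __name__ == "__main__":
    # Assumed default location; pass the real installation root as argv[1].
    default = Path(os.environ.get("LOCALAPPDATA", ".")) / "Discord"
    for f in audit_install(sys.argv[1] if len(sys.argv) > 1 else default):
        status = "REVIEW" if needs_attention(f) else "ok"
        print(status, f["dir"], f["unexpected_dll"] or "")
```

A folder flagged only for its version needs the update; a folder that already contains 'profapi.dll' warrants examining that file before anything else.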

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.