Panasonic AutoDownloader DLL Search Path Vulnerability in Installer
Vulnerability
A vulnerability has been identified in the installer of Panasonic AutoDownloader version 1.2.8. The issue arises from the DLL search path, which may allow for the loading of a malicious DLL file from the same directory. This vulnerability could enable the execution of harmful programs during the installation process, although it does not affect the system after the installation is complete.
Impact
Exploitation of this vulnerability could lead to the execution of malicious programs by loading harmful DLLs through the installer.
Reproduction
To reproduce this vulnerability, place a crafted DLL file in the same directory as the AutoDownloader installer version 1.2.8. When the installer is executed, it may load the malicious DLL, potentially leading to the execution of a harmful program.
Remediation
Users are advised to delete AutoDownloader version 1.2.8 from their systems. The software has been removed from the download site, and users should transition to AutoDownloaderLite. If AutoDownloader 1.2.8 is already installed, ensure that no other files or DLLs are present in the same folder as the executable before running the installer.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.