Hainan ToDesk Uncontrolled Search Path Vulnerability in DLL File Parser Component

Vulnerability

A critical uncontrolled search path vulnerability has been identified in Hainan ToDesk version 4.7.6.3. This issue arises within the DLL File Parser component, specifically in the profapi.dll library. The vulnerability allows for manipulation of the search path used to locate resources, potentially leading to unauthorized access or execution of files. The vulnerability must be exploited locally, and while the complexity of the attack is considered high, a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability could lead to unauthorized file access or execution, with potential implications for system integrity and availability.

Reproduction

The vulnerability can be reproduced by creating a malicious DLL and placing it in a directory controlled by the user. When ToDesk is launched, the application searches for DLLs in that path. If the malicious DLL is found, the application can load it, leading to arbitrary code execution or other unintended consequences.
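
A detection check for the behaviour described above, as an added example that is not part of the original advisory or of ToDesk's code: it filters Sysmon image-load records (event ID 7) for profapi.dll loaded by ToDesk from outside the Windows system directories or without a valid signature. The process name ToDesk.exe, the helper names and every sample path and event are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any analysis host

# Directories Windows itself serves profapi.dll from.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED_DLL = "profapi.dll"      # library named in the advisory
WATCHED_PROCESS = "todesk.exe"   # assumption: ToDesk's process image name


def _norm(path):
    # Collapse "..", unify separators and case so path tricks cannot dodge the comparison.
    return ntpath.normcase(ntpath.normpath(path))


def is_suspicious_load(event):
    """event: dict carrying Sysmon event ID 7 fields (Image, ImageLoaded, Signed, SignatureStatus)."""
    if ntpath.basename(_norm(event["Image"])) != WATCHED_PROCESS:
        return False
    loaded = _norm(event["ImageLoaded"])
    if ntpath.basename(loaded) != WATCHED_DLL:
        return False
    in_trusted_dir = ntpath.dirname(loaded) in TRUSTED_DIRS
    validly_signed = event.get("Signed") == "true" and event.get("SignatureStatus") == "Valid"
    # Only a validly signed copy from a system directory is treated as expected.
    return not (in_trusted_dir and validly_signed)


def find_suspicious_loads(events):
    return [e["ImageLoaded"] for e in events if is_suspicious_load(e)]


def _ev(image, loaded, signed, status):
    return {"Image": image, "ImageLoaded": loaded, "Signed": signed, "SignatureStatus": status}


# Constructed sample events; all paths are illustrative, not taken from the advisory.
APP = r"C:\Program Files\ToDesk\ToDesk.exe"
SAMPLE_EVENTS = [
    _ev(APP, r"C:\Windows\System32\profapi.dll", "true", "Valid"),
    _ev(APP, r"C:\Program Files\ToDesk\profapi.dll", "false", "Unavailable"),
    _ev(APP, r"C:\Windows\System32\..\Temp\PROFAPI.DLL", "false", "Unavailable"),
    _ev(APP, r"C:\Windows\System32\kernel32.dll", "true", "Valid"),
    _ev(r"C:\Windows\notepad.exe", r"C:\Windows\System32\profapi.dll", "true", "Valid"),
]

if __name__ == "__main__":
    for path in find_suspicious_loads(SAMPLE_EVENTS):
        print("review:", path)
```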

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.