D-Link D-View 8 Installer DLL Preloading Vulnerability

A DLL preloading vulnerability has been identified in the D-Link D-View 8 installer, specifically in versions through 2.0.1.107. This vulnerability arises from an uncontrolled search path element, allowing attackers to execute malicious code with administrative privileges. When the installer is run with elevated rights via User Account Control (UAC), it attempts to load a DLL file from its execution directory. An attacker can place a harmful version.dll file alongside the legitimate installer, so that when the installer is executed and the UAC prompt is approved, the malicious code is executed. This could lead to a complete system compromise.

Impact

Exploitation of this vulnerability allows for unauthorized code execution with administrative rights, potentially leading to full system compromise.

Remediation

Users are advised to update to D-View 8 version 2.0.5.109 Beta. This beta version can be downloaded from the D-Link D-View 8 Free Trial page. After updating, it is important to verify the success of the update by checking the firmware version on the product interface.