Flos Freeware Notepad2 DLL Hijacking Vulnerability
Vulnerability
A DLL hijacking vulnerability has been identified in Flos Freeware Notepad2 versions 4.2.22, 4.2.23, 4.2.24, and 4.2.25. The issue arises from an uncontrolled search path for the Msimg32.dll library, which allows malicious users to execute arbitrary code with the same privileges as the user running the application. Exploiting this vulnerability requires local access and has a high complexity.
Impact
Exploitation of this vulnerability allows DLL hijacking: Notepad2 loads a malicious DLL at startup, and the DLL's code runs with the user's privileges.
Reproduction
To reproduce this vulnerability, place a malicious DLL file named 'Msimg32.dll' in the same folder from which Notepad2 is launched. When the application starts, it will search for the 'Msimg32.dll' file and load the malicious code automatically.
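A defender-side check for the condition described above, as an added example that is not part of the original advisory: it walks the given folders and reports any folder that holds a Msimg32.dll beside the Notepad2 executable, since the genuine Msimg32.dll ships in the Windows system directory. The executable name notepad2.exe, the function names and the optional trusted-hash set are assumptions, and the sample tree is constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

APP_EXE = "notepad2.exe"      # assumed executable name for Notepad2
HIJACK_DLL = "msimg32.dll"    # DLL name given in the advisory

def sha256_of(path):
    """Hash a file in chunks so large DLLs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_side_loaded_dlls(roots, trusted_hashes=frozenset()):
    """Return one finding per folder holding both Notepad2 and a local Msimg32.dll."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            # Windows file names are case-insensitive, so compare lowercased.
            by_lower = {name.lower(): name for name in files}
            if APP_EXE in by_lower and HIJACK_DLL in by_lower:
                dll = Path(dirpath) / by_lower[HIJACK_DLL]
                digest = sha256_of(dll)
                findings.append({
                    "dll": str(dll),
                    "sha256": digest,
                    # True only if the caller supplied a hash of a known-good copy.
                    "matches_trusted_copy": digest in trusted_hashes,
                })
    return findings

def demo():
    """Constructed sample tree: one clean folder, one with a DLL beside the EXE."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "clean"); clean.mkdir()
        (clean / "Notepad2.exe").write_bytes(b"MZ-constructed")
        dirty = Path(tmp, "portable"); dirty.mkdir()
        (dirty / "Notepad2.exe").write_bytes(b"MZ-constructed")
        (dirty / "Msimg32.dll").write_bytes(b"MZ-constructed-dll")
        return [Path(f["dll"]).parent.name for f in find_side_loaded_dlls([tmp])]

if __name__ == "__main__":
    for folder in demo():
        print("review folder:", folder)
```

Pass the folders where Notepad2 is installed or unpacked as `roots`; a finding whose `matches_trusted_copy` is false is a file to examine before the application is run from that folder again.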
