### Vulnerability summary The following advisory describes an DLL Hijacking found in ZTE uSmartView. ZTE uSmartView offers: “ZTE provides full series of cloud computing products (including cloud terminals, cloud desktops, virtualization software, and cloud storage products) and end-to-end integrated product, which can be applied to different scenarios such as office, training classroom, multimedia classroom, and business hall.” ### Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program ### Vendor Response ZTE has been notified on the 13th of August 2017, several emails were exchanged, but no ETA for a fix or workaround have been provided for the following vulnerabilities. ### Vulnerability details When uSmartView starts on a Windows machine it tries to load a DLL (pcacli.dll) from the C:\Program Files (x86)\vdc\ientry directory, if a malicious attacker puts the DLL in that directory uSmartView will load it...
### Vulnerability summary The following advisory describes an DLL Hijacking found in ZTE uSmartView. ZTE uSmartView offers: “ZTE provides full series of cloud computing products (including cloud terminals, cloud desktops, virtualization software, and cloud storage products) and end-to-end integrated product, which can be applied to different scenarios such as office, training classroom, multimedia classroom, and business hall.” ### Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program ### Vendor Response ZTE has been notified on the 13th of August 2017, several emails were exchanged, but no ETA for a fix or workaround have been provided for the following vulnerabilities. ### Vulnerability details When uSmartView starts on a Windows machine it tries to load a DLL (pcacli.dll) from the C:\Program Files (x86)\vdc\ientry directory, if a malicious attacker puts the DLL in that directory uSmartView will load it and run the code found in it – without giving the user any warning of it. This happens because uSmartView does not provide file pcacli.dll. Furthermore, writing in C:\Program Files (x86)\vdc\ientry doesn’t require any special privileges. Since uSmartView can require admin privileges an attacker can place the pcacli.dll and cause command execution as the current user (usually admin).
