Zero-Day Advisory
Fortinet Discovers AnyDesk for Windows DLL PreLoading Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a DLL preloading vulnerability in AnyDesk for Windows.
AnyDesk for Windows is a proprietary remote desktop tool by AnyDesk Software GmbH. The software facilitates remote access to personal computers running the host application on Windows, macOS, Linux and FreeBSD, as well as on iOS and Android mobile devices.
AnyDesk for Windows is susceptible to a DLL preloading vulnerability. The issue occurs when the application searches for a DLL to load and an attacker supplies a malicious DLL that is found instead. The application generally follows a specific search path to locate the DLL. The vulnerability can be exploited with a simple file write (or potentially an overwrite), which results in a foreign DLL running in the context of the application.
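The following audit script is an added example, not part of Fortinet's advisory or AnyDesk's fix. It checks the two conditions the paragraph above describes: whether low-privilege users can write files into the application's directory, and whether any DLL already there is unsigned or carries the name of a DLL in the system directory (the application's own directory is searched before the system directory in the standard Windows search order). The install path is an assumption; pass the real one with -AppDir.

```powershell
# Added example: audit an application folder for DLL preloading exposure.
# The default $AppDir is an assumed install path, not taken from the advisory.
param(
    [string]$AppDir = 'C:\Program Files (x86)\AnyDesk'
)

$systemDir = [Environment]::SystemDirectory

# Principals that represent ordinary, non-administrative users.
$lowPriv = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

# Rights that allow creating or replacing a file in the directory.
# ACEs expressed only as generic rights are not decoded by this check.
$rights    = [System.Security.AccessControl.FileSystemRights]
$writeBits = [int]$rights::WriteData -bor [int]$rights::AppendData

# 1. Can a low-privilege user drop a file next to the executable?
$acl = Get-Acl -LiteralPath $AppDir
$weakAces = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $lowPriv -contains $_.IdentityReference.Value -and
    (([int]$_.FileSystemRights -band $writeBits) -ne 0)
}

# 2. Which DLLs in the directory are unsigned or shadow a system DLL?
$report = Get-ChildItem -LiteralPath $AppDir -Filter *.dll -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        Dll              = $_.Name
        ShadowsSystemDll = Test-Path -LiteralPath (Join-Path $systemDir $_.Name)
        Signature        = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        LastWrite        = $_.LastWriteTime
    }
}

'Directory writable by low-privilege users: {0}' -f [bool]$weakAces
$weakAces | Format-Table IdentityReference, FileSystemRights -AutoSize

# Shadowing and non-valid signatures sort to the top for review.
$report |
    Sort-Object @{ Expression = 'ShadowsSystemDll'; Descending = $true }, Signature |
    Format-Table -AutoSize
```

A DLL that shadows a system DLL and does not have a Valid signature from the expected publisher, in a directory that ordinary users can write to, is the combination to investigate first.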
Solutions
Users should apply the solution provided by AnyDesk.
Timeline
Fortinet reported the vulnerability to AnyDesk on May 14, 2018.
AnyDesk confirmed the vulnerability on May 31, 2018.
AnyDesk patched the vulnerability on June 14, 2018.
Acknowledgement
This vulnerability was discovered by Kushal Arvind Shah of Fortinet's FortiGuard Labs.