Articles
10
Tags
13
Categories
4
Home
Tags
Categories
Link
Edges
2025-May-1 Vulnerability Temp Report
Home
Tags
Categories
Link
2025-May-1 Vulnerability Temp Report
Created
2025-05-15
|
Updated
2025-05-23
|
CVE
|
Post Views:
Hey, password is required here.
Author:
Nightsedge
Link:
https://0nightsedge0.github.io/2025/05/15/2025-May-1-Temp-Vuln-Report/
Copyright Notice:
All articles on this blog are licensed under
CC BY-NC-SA 4.0
unless otherwise stated.
CVE
With_Chinese_Content
Previous
CVE-2025-4540 - C-Lodop CLodopPrintService unquoted search path
Found a simple vulnerability on a print service
Related Articles
2025-05-14
CVE-2025-4540 - C-Lodop CLodopPrintService unquoted search path
Found a simple vulnerability on a print service
2025-01-12
CVE-2024-9950-Forescout-SecureConnector
Found the vulnerability but i am too late to report it...sad
Nightsedge
Half is worse than None at All.
Articles
10
Tags
13
Categories
4
Contents
1.
CVE-XXXXX/CNNVD-XXXX (To be confirm)
2.
EN
2.1.
Info
2.2.
Detail
2.3.
Testing Steps
2.3.0.1.
1. Checking the permission of the DingTalk folder is granted to “Users” with Full control after installation
2.3.0.2.
2. Create a simple DLL file called PROPSYS.dll to execute my code (just the DLL main with attach thread/process)
2.3.0.3.
3. Copy this DLL file to C:\Program Files (x86)\DingDing
2.3.0.4.
4. Execute the DingtalkLauncher.exe to hijack the execution flow and run the message prompt
2.4.
PoC
2.5.
Root Cause
2.6.
Official Solution
2.7.
Remediation
2.8.
WorkAround
2.9.
Timeline
2.10.
Epilogue
3.
中文
3.1.
基本資料
3.2.
詳細資料
3.3.
測試步驟
3.3.0.1.
1. DingTalk安裝完成後檢查釘釘資料夾的權限是否授予用戶完全控制
3.3.0.2.
2. 建立一個名為PROPSYS.dll的簡單 DLL 檔案來執行我的程式碼
3.3.0.3.
3. 將此 DLL 檔案複製到 C:\Program Files (x86)\DingDing
3.3.0.4.
4. 執行DingtalkLauncher.exe劫持執行流程,執行訊息彈窗
3.4.
PoC
3.5.
根本原因
3.6.
官方解決方案
3.7.
補救措施
3.8.
變通辦法
3.9.
時間線
3.10.
後記
Recent Posts
2025-May-1 Vulnerability Temp Report
2025-05-15
CVE-2025-4540 - C-Lodop CLodopPrintService unquoted search path
2025-05-14
CVE-2024-9950-Forescout-SecureConnector
2025-01-12
