CVE-2016-4802

Name of the Vulnerable Software and Affected Versions libcurl versions prior to 7.49.1

Description The issue allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse in the application or current working directory. This is due to libcurl loading Windows system DLLs in a manner that makes it vulnerable to a DLL hijacking attack in certain configurations. The DLLs security.dll, secur32.dll, and ws2 32.dll may be loaded dynamically, and an attacker may plant a DLL of the same name in the user's current directory, application directory, or other directory in the DLL search order. Recent versions of Windows include all three of these dynamically loaded system DLLs and enable safe DLL search mode by default, which limits the attack vector. To mitigate this, it is advised to guard write permissions on the application directory.

Recommendations For versions prior to 7.49.1, update to version 7.49.1 or later to address the issue. As a temporary workaround, consider restricting write access to the application directory to prevent DLL planting attacks. Additionally, avoid using the LoadLibrary() function without specifying a path for the DLLs security.dll, secur32.dll, and ws2 32.dll until the issue is resolved.