DLL hijacking in Eclipse IDE Process Monitor
profapi.dll is missing, so an attacker can create a malicious DLL with the same name, place it in the following path, C:\Users\User_Name\eclipse\java-2023-03\eclipse, and get admin privileges as well as establish persistence on the victim machine.
Impact: An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM PRIVILEGES; the attacker can also maintain persistence on the target system.
I'm also attaching a video and picture PoC.
References:
https://pentestlab.blog/2017/03/27/dll-hijacking/
https://trustfoundry.net/2016/10/19/what-is-dll-hijacking/
Similar CVEs:
NVD - CVE-2022-48077
https://blog.aquasec.com/cve-2022-32223-dll-hijacking
Steps to reproduce
(not given)
What are the affected versions?
Process Monitor, version 2023-03
Do you know any mitigations of the issue?
None
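A defender-side check for the condition this report describes, as an added example that is not part of the original report or of Eclipse's code: it lists DLLs sitting in an application directory under the name of a DLL that also exists in the system directory (as profapi.dll does) and probes whether the current user can write to that directory. The function names and the sample files are constructed for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path


def dll_names(directory):
    """Lower-cased names of the DLL files directly inside `directory`."""
    return {p.name.lower() for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}


def is_writable(directory):
    """True if the current user can create a file in `directory` (real write probe)."""
    try:
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False


def audit_app_dir(app_dir, system_dir):
    """Report DLLs in app_dir that carry the name of a DLL in system_dir."""
    # The standard Windows search order tries the executable's own directory
    # before System32, so a same-named file here is loaded instead of the system copy.
    shadowed = dll_names(app_dir) & dll_names(system_dir)
    findings = [{"path": str(p), "sha256": hashlib.sha256(p.read_bytes()).hexdigest()}
                for p in sorted(Path(app_dir).iterdir())
                if p.is_file() and p.name.lower() in shadowed]
    return {"writable_by_current_user": is_writable(app_dir), "shadowing_dlls": findings}


def constructed_sample(root):
    """Build a constructed app/System32 directory pair (placeholder file contents)."""
    app, system = Path(root, "app"), Path(root, "System32")
    app.mkdir()
    system.mkdir()
    for d, name in ((system, "profapi.dll"), (system, "kernel32.dll"),
                    (app, "PROFAPI.DLL"), (app, "helper.dll")):
        (d / name).write_bytes(b"constructed")
    return app, system


if __name__ == "__main__":
    # Pass <application dir> <System32 dir> to audit a real install; default is the sample.
    with tempfile.TemporaryDirectory() as root:
        dirs = sys.argv[1:3] if len(sys.argv) == 3 else constructed_sample(root)
        print(audit_app_dir(*dirs))
```

A hit is a lead for triage rather than proof of tampering, since some applications legitimately ship their own copy of a library; compare the reported hash and the file's signature against the vendor's release.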