PSIRT Advisory

FortiClient DLL Hijacking vulnerability

Summary

When executed, the FortiClient installer (FortiClientOnlineInstaller.exe), if downloaded before August 11th, 2016 (build 0842), would attempt to load DLLs from the directory where it resides.

Description

When executed, the FortiClient installer (FortiClientOnlineInstaller.exe), if downloaded before August 11th, 2016 (build 0842), would attempt to load DLLs from the directory where it resides. This is known as a DLL hijacking vulnerability: an attacker with control of that directory could therefore have the installer load malicious DLLs upon execution.
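As an added check (not part of this advisory and not Fortinet tooling), the PowerShell below assesses the precondition the description names: whether the directory holding the installer grants write access to broadly held principals, and whether any DLL already sits beside the installer where an affected build would load it. The default installer path is an assumption; pass your own.

```powershell
param(
    # Assumed location; the advisory does not name a download directory.
    [string]$InstallerPath = "$env:USERPROFILE\Downloads\FortiClientOnlineInstaller.exe"
)

$dir = Split-Path -Parent $InstallerPath
if (-not (Test-Path -LiteralPath $dir)) { throw "Directory not found: $dir" }

# Principals that effectively mean "any local user": Everyone, Authenticated Users,
# BUILTIN\Users. Write access for them hands a low-privileged account control of
# the directory, which is all the described attack requires.
$broadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
$writeMask = [System.Security.AccessControl.FileSystemRights] 'CreateFiles, Write, Modify, FullControl'

$findings = @()
foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $sid = $ace.IdentityReference.Value }
    if (($broadSids -contains $sid) -and (($ace.FileSystemRights -band $writeMask) -ne 0)) {
        $findings += "Writable by $($ace.IdentityReference) ($($ace.FileSystemRights))"
    }
}

# Affected builds load DLLs from the installer's own directory, so any DLL already
# present there deserves review; report its Authenticode status alongside its name.
$sideDlls = Get-ChildItem -LiteralPath $dir -Filter '*.dll' -File -ErrorAction SilentlyContinue
foreach ($dll in $sideDlls) {
    $sig = Get-AuthenticodeSignature -FilePath $dll.FullName
    $findings += "DLL beside installer: $($dll.Name) (signature: $($sig.Status))"
}

if ($findings.Count -eq 0) {
    "OK: $dir is not broadly writable and contains no side-by-side DLLs."
} else {
    "Review needed for ${dir}:"
    $findings | ForEach-Object { "  - $_" }
}
```

Run it from the account that will execute the installer; a clean result does not replace updating to a build from Aug. 11, 2016 (0842) or later, it only confirms the directory precondition is absent.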

Impact

Unauthorized code execution

Affected Products

FortiClientOnlineInstaller.exe downloaded before Aug. 11, 2016 (build 0842)

Solutions

Issue fixed on Aug. 11, 2016

Acknowledgement

Fortinet is pleased to thank Sachin Wagh and Himanshu Mehta for reporting this vulnerability under responsible disclosure.