PSIRT Advisory

FortiClient DLL Hijacking Vulnerability

Summary

An Unsafe Search Path vulnerability in FortiClient Online Installer may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.

Impact

Unauthorized code execution.

Affected Products

FortiClient for Windows below 6.0.6.

Solutions

Upgrade to FortiClient for Windows version 6.0.6 or later.

Acknowledgement

Fortinet is pleased to thank Honc (honcbb@gmail.com) for reporting this vulnerability under responsible disclosure.