FortiClient DLL Hijacking Vulnerability
An Unsafe Search Path vulnerability in FortiClient Online Installer may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
Unauthorized code execution.
FortiClient for Windows below 6.0.6.
Upgrade to FortiClient for Windows version 6.0.6 or later.
Fortinet is pleased to thank Honc (email@example.com) for reporting this vulnerability under responsible disclosure.