PSIRT Advisory
FortiClient DLL Hijacking Vulnerability
Summary
An Unsafe Search Path vulnerability in FortiClient Online Installer may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.
Impact
Unauthorized code execution.
Affected Products
FortiClient for Windows below 6.0.6.
Solutions
Upgrade to FortiClient for Windows version 6.0.6 or later.
Acknowledgement
Fortinet is pleased to thank Honc (honcbb@gmail.com) for reporting this vulnerability under responsible disclosure.