CVE-2022-29505
📋 TL;DR
A DLL injection vulnerability in LINE for Windows allows attackers to execute arbitrary code with elevated privileges. This affects LINE for Windows versions before 7.8 due to a build misconfiguration in the OpenSSL dependency. Users running vulnerable versions are at risk of privilege escalation attacks.
💻 Affected Systems
- LINE for Windows
📦 What is this software?
Line by Linecorp
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative privileges, allowing attackers to install persistent malware, steal credentials, and access sensitive data.
Likely Case
Local privilege escalation enabling attackers to gain higher privileges than their current user account, potentially leading to lateral movement within the network.
If Mitigated
Limited impact if proper application control policies prevent unauthorized DLL loading and users operate with minimal privileges.
🎯 Exploit Status
Requires local access to place a malicious DLL and trigger LINE to load it. No public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.8 and later
Vendor Advisory: https://hackerone.com/reports/1423049
Restart Required: Yes
Instructions:
1. Open LINE for Windows.
2. Go to Settings > About LINE.
3. Check version is 7.8 or higher.
4. If not, download latest version from official LINE website.
5. Install update and restart LINE.
🔧 Temporary Workarounds
Application Control Policy
Implement application control policies to prevent unauthorized DLL loading from untrusted locations.
Use Windows AppLocker or similar to restrict DLL loading to trusted paths only
Remove Vulnerable Version
Uninstall vulnerable LINE versions and use web or mobile versions instead.
Control Panel > Programs > Uninstall LINE
🧯 If You Can't Patch
- Run LINE with minimal user privileges (not as administrator)
- Implement strict file system permissions to prevent DLL planting in LINE directories
🔍 How to Verify
Check if Vulnerable:
Open LINE, go to Settings > About LINE, check if version is below 7.8.
Check Version:
Not applicable - check through LINE application interface
Verify Fix Applied:
Confirm LINE version is 7.8 or higher in Settings > About LINE.
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing DLL loading from unusual locations by LINE process
- Process Monitor logs showing DLL injection attempts
Network Indicators:
- No network indicators - local attack only
SIEM Query:
Process Creation where (Image contains 'LINE.exe' AND CommandLine contains 'dll') OR ParentImage contains 'LINE.exe'
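
The log indicator listed above (DLL loading from unusual locations by the LINE process) can be checked against Sysmon Event ID 7 (ImageLoad) records. The Python filter below is an added example, not part of the original advisory or of LINE's tooling. The sample events, the install path `C:\Placeholder\LINE` and the trusted-directory list are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Assumption: trusted load locations. C:\Placeholder\LINE is a placeholder,
# not LINE's real install path; set it to the path used on your hosts.
TRUSTED_DIRS = (r"C:\Placeholder\LINE", r"C:\Windows\System32", r"C:\Windows\SysWOW64")

# Constructed events using Sysmon Event ID 7 (ImageLoad) field names.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Placeholder\LINE\LINE.exe",
     "ImageLoaded": r"C:\Placeholder\LINE\libcrypto.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Placeholder\LINE\LINE.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Placeholder\LINE\LINE.exe",
     "ImageLoaded": r"C:\Users\Public\Staging\helper.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"c:\placeholder\line\line.exe",
     "ImageLoaded": r"c:\placeholder\line\..\..\ProgramData\plugin.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Windows\notepad.exe",
     "ImageLoaded": r"C:\Users\Public\other.dll", "Signed": "false"},
    {"EventID": 1, "Image": r"C:\Placeholder\LINE\LINE.exe"},
]

def is_under(path, root):
    """True if path lies inside root (case-insensitive, as on Windows)."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    if ".." in p.parts:  # unresolved traversal: never treat as trusted
        return False
    return r in p.parents

def suspicious_loads(events, process_name="LINE.exe", trusted=TRUSTED_DIRS):
    """Return (dll_path, reasons) for image loads by process_name worth triage."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue  # only ImageLoad events
        if PureWindowsPath(ev.get("Image", "")).name.lower() != process_name.lower():
            continue  # another process
        loaded, reasons = ev.get("ImageLoaded", ""), []
        if not any(is_under(loaded, d) for d in trusted):
            reasons.append("untrusted-path")
        if str(ev.get("Signed", "false")).lower() != "true":
            reasons.append("unsigned")
        if reasons:
            findings.append((loaded, reasons))
    return findings

if __name__ == "__main__":
    for dll, why in suspicious_loads(SAMPLE_EVENTS):
        print(f"{dll}: {', '.join(why)}")
```

Sysmon records image loads only when its configuration enables ImageLoad logging, so confirm that rule is active before relying on this filter.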