CVE-2023-45252

7.8 HIGH

📋 TL;DR

A DLL hijacking vulnerability in HuddlyCameraService allows attackers to place malicious DLLs in the service directory, which standard users can write to. This enables arbitrary code execution and privilege escalation on affected systems. Users of Huddly camera software before version 8.0.7 (excluding 7.99) are affected.

💻 Affected Systems

Products:
  • Huddly HuddlyCameraService
Versions: All versions before 8.0.7, excluding version 7.99
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists due to service installation in a directory with write permissions for standard users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via privilege escalation to SYSTEM/administrator level, enabling complete control over the device, data theft, and lateral movement.

🟠 Likely Case

Local privilege escalation allowing attackers to gain elevated privileges, install malware, or manipulate system files.

🟢 If Mitigated

Limited impact with proper access controls preventing standard users from writing to service directories.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Attackers with standard user access on affected systems can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access and standard user privileges. DLL hijacking is a well-known technique with established exploitation methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.7

Vendor Advisory: https://www.xlent.no/aktuelt/security-disclosure-of-vulnerabilities-cve-2023-45252-and-cve-2023-45253/

Restart Required: Yes

Instructions:

1. Download HuddlyCameraService version 8.0.7 or later from official Huddly sources.
2. Uninstall previous versions.
3. Install the updated version.
4. Restart the system to ensure service updates take effect.

🔧 Temporary Workarounds

Restrict directory permissions

windows

Modify permissions on the HuddlyCameraService installation directory to remove write access for standard users.

icacls "C:\Program Files\Huddly\HuddlyCameraService" /deny Users:(OI)(CI)W

Disable service if unused

windows

Stop and disable the HuddlyCameraService if Huddly cameras are not required.

sc stop HuddlyCameraService
sc config HuddlyCameraService start= disabled

🧯 If You Can't Patch

  • Implement strict access controls to prevent standard users from writing to the HuddlyCameraService directory.
  • Monitor for suspicious DLL files being created in the HuddlyCameraService directory and for unexpected service behavior.

🔍 How to Verify

Check if Vulnerable:

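Check the HuddlyCameraService version via Windows Services (services.msc) or in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. The system is vulnerable if the version is below 8.0.7 and is not 7.99.

Check Version (this command returns the path of the service executable; read the version from that file's properties):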

wmic service where "name='HuddlyCameraService'" get PathName

Verify Fix Applied:

Confirm HuddlyCameraService version is 8.0.7 or higher. Verify directory permissions do not allow standard users write access to the installation folder.
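
One way to run both verification checks (version and directory permissions) on a host, as an added PowerShell example that is not from the vendor or the original page. It uses the service name given above, assumes the service executable's file version tracks the product version, and treats any 7.99.x build as the excluded release.

```powershell
# Added example (not vendor code): check a host for CVE-2023-45252 exposure.
# The service name comes from the advisory; paths are read from the host.
$svc = Get-CimInstance Win32_Service -Filter "Name='HuddlyCameraService'"
if (-not $svc) { Write-Output 'HuddlyCameraService is not installed.'; return }

# PathName may be quoted and may carry arguments; keep only the executable path.
if ($svc.PathName -match '^\s*"([^"]+)"') {
    $exe = $Matches[1]
} else {
    $exe = ($svc.PathName -replace '(?i)(\.exe)\s.*$', '$1').Trim()
}
$dir = Split-Path -Parent $exe

# Assumption: the executable's file version tracks the product version.
$vi  = (Get-Item -LiteralPath $exe).VersionInfo
$ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
$affected = ($ver -lt [version]'8.0.7') -and
            -not ($ver.Major -eq 7 -and $ver.Minor -eq 99)   # 7.99 is excluded

# Well-known SIDs that cover standard users (locale-independent).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# WriteData/CreateFiles (0x2), GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$writeBits = 0x50000002

$acl   = Get-Acl -LiteralPath $dir
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$hits  = foreach ($r in $rules) {
    $sid = $r.IdentityReference.Value
    if ($lowPriv.ContainsKey($sid) -and ([int]$r.FileSystemRights -band $writeBits)) {
        [pscustomobject]@{
            Principal = $lowPriv[$sid]
            Type      = $r.AccessControlType    # Allow or Deny
            Rights    = $r.FileSystemRights
            Inherited = $r.IsInherited
        }
    }
}

# Effective access is not computed: a Deny entry for the same principal
# (for example from the icacls workaround) is listed next to the Allow entry.
$allow = @($hits | Where-Object { $_.Type -eq 'Allow' })
[pscustomobject]@{ Executable = $exe; FileVersion = $ver; AffectedVersion = $affected
                   WriteAllowEntries = $allow.Count } | Format-List | Out-String
$hits | Format-Table -AutoSize | Out-String
```

A host is in the state the fix is meant to reach when `AffectedVersion` is `False` and `WriteAllowEntries` is `0`.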

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing DLL loading errors from HuddlyCameraService
  • Unexpected DLL files in HuddlyCameraService directory
  • Service crashes or unexpected restarts

Network Indicators:

  • Unusual outbound connections from HuddlyCameraService process

SIEM Query:

Process creation where parent process is HuddlyCameraService.exe OR File creation in directory containing 'HuddlyCameraService'
