CVE-2024-45873
📋 TL;DR
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code by placing a malicious DLL in the same directory as the executable. This affects all users running the vulnerable version of Yaazhini software.
💻 Affected Systems
- VegaBird Yaazhini
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining persistent administrative access, data theft, and lateral movement capabilities.
Likely Case
Local privilege escalation leading to unauthorized access to sensitive data and system resources.
If Mitigated
Limited impact if proper file permissions and execution controls prevent DLL placement in application directories.
🎯 Exploit Status
Exploit requires ability to write files to application directory, which typically requires some level of access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: http://vegabird.com
Restart Required: No
Instructions:
Check vendor website for updates. If patch available, download and install latest version from official source.
🔧 Temporary Workarounds
Restrict File Permissions
Windows: Set strict file permissions on the Yaazhini installation directory to prevent unauthorized DLL placement.
icacls "C:\Program Files\VegaBird\Yaazhini" /deny Everyone:(OI)(CI)(W)
Use Application Whitelisting
Windows: Implement application control policies to only allow execution of signed Yaazhini binaries.
🧯 If You Can't Patch
- Monitor application directory for unauthorized DLL file creation
- Implement least privilege access controls to limit who can write to application directories
🔍 How to Verify
Check if Vulnerable:
Check if Yaazhini version is 2.0.2 and if unauthorized users can write to its installation directory.
Check Version:
Check application properties or About dialog in Yaazhini interface
Verify Fix Applied:
Verify updated version number and test if DLL hijacking attempts are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unexpected DLL loads from Yaazhini directory
- File creation events in Yaazhini installation path
Network Indicators:
- Unusual outbound connections from Yaazhini process
SIEM Query:
(EventID=7 AND ProcessName="Yaazhini.exe" AND ImageLoaded contains ".dll") OR (EventID=11 AND TargetFilename contains "\Yaazhini\" AND TargetFilename contains ".dll")
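The two log indicators above can be correlated rather than alerted on separately. The following is an added example, not part of the original advisory or any vendor tooling: it takes Sysmon-style events (Event ID 11 FileCreate, Event ID 7 ImageLoad) and flags a DLL that Yaazhini.exe loads from its own directory after an untrusted process wrote it, or that is unsigned. The install path comes from the icacls workaround above; the event records, DLL names, writer process and the `trusted_writers` default are constructed assumptions.

```python
import ntpath

# Assumption: install path taken from the icacls workaround above; adjust per host.
INSTALL_DIR = r"C:\Program Files\VegaBird\Yaazhini"
APP_IMAGE = "yaazhini.exe"

def _norm(path):
    return ntpath.normcase(ntpath.normpath(path))

def _is_app_dll(path):
    """True for a .dll located in or below the install directory."""
    p = _norm(path)
    return p.startswith(_norm(INSTALL_DIR) + "\\") and p.endswith(".dll")

def find_suspicious_loads(events, trusted_writers=frozenset({"msiexec.exe"})):
    """Correlate Sysmon FileCreate (11) with ImageLoad (7): flag a DLL that
    Yaazhini.exe loads from its own directory when the file was written by a
    process outside trusted_writers, or is unsigned."""
    dropped, alerts = {}, []  # dropped: normalized DLL path -> writer image
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        proc = ntpath.basename(_norm(ev["Image"]))
        if ev["EventID"] == 11 and _is_app_dll(ev["TargetFilename"]):
            if proc not in trusted_writers:
                dropped[_norm(ev["TargetFilename"])] = ev["Image"]
        elif (ev["EventID"] == 7 and proc == APP_IMAGE
              and _is_app_dll(ev["ImageLoaded"])):
            reasons = []
            if _norm(ev["ImageLoaded"]) in dropped:
                reasons.append("written by " + dropped[_norm(ev["ImageLoaded"])])
            if ev.get("Signed", "false").lower() != "true":
                reasons.append("unsigned")
            if reasons:
                alerts.append({"dll": ev["ImageLoaded"], "reasons": reasons})
    return alerts

# Constructed sample events with Sysmon field names; file names are made up.
APP = INSTALL_DIR + "\\Yaazhini.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "UtcTime": "2024-10-01 09:00:00.000",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": INSTALL_DIR + r"\core.dll"},
    {"EventID": 7, "UtcTime": "2024-10-01 09:05:00.000", "Image": APP,
     "ImageLoaded": INSTALL_DIR + r"\core.dll", "Signed": "true"},
    {"EventID": 11, "UtcTime": "2024-10-02 14:00:00.000",
     "Image": r"C:\Users\Public\tool.exe",
     "TargetFilename": INSTALL_DIR + r"\example.dll"},
    {"EventID": 7, "UtcTime": "2024-10-02 14:10:00.000", "Image": APP,
     "ImageLoaded": INSTALL_DIR + r"\EXAMPLE.DLL", "Signed": "false"},
]
```

If the vendor's own DLLs turn out to be unsigned, baseline them by path and hash so the "unsigned" reason only fires on files outside that baseline.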