Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of [regsvr32.exe] it loads. An attacker can place a crafted malicious DLL in the application's startup directory, which will be loaded and executed when the user launches the program.
The application does not verify the path or digital signature of the regsvr32.exe file loaded during startup. The attacker places a malicious DLL library in the application startup directory. When the user runs the program, the operating system finds and loads the planted library instead of the legitimate one, resulting in the execution of code contained in the malicious DLL file.
The attacker gains the ability to execute arbitrary code in the context of the running application, which can lead to complete system takeover, data theft, or privilege escalation.
Patches available from the vendor should be applied in accordance with the references. As an additional protective measure, it is recommended to restrict write permissions to the application startup directory exclusively to administrator accounts and to monitor file integrity in that directory.
Quark Cloud Drive version 3.23.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HQuark Cloud Drive
APPQuark3.23.2