CRITICAL🇵🇱 Wersja polska

CVE-2025-63685

CVSS 9.8v3.1pub. 2025-11-20upd. 2025-12-16

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of [regsvr32.exe] it loads. An attacker can place a crafted malicious DLL in the application's startup directory, which will be loaded and executed when the user launches the program.

🤖 AI Analysis
How it works

The application does not verify the path or digital signature of the regsvr32.exe file loaded during startup. The attacker places a malicious DLL library in the application startup directory. When the user runs the program, the operating system finds and loads the planted library instead of the legitimate one, resulting in the execution of code contained in the malicious DLL file.

Impact

The attacker gains the ability to execute arbitrary code in the context of the running application, which can lead to complete system takeover, data theft, or privilege escalation.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. As an additional protective measure, it is recommended to restrict write permissions to the application startup directory exclusively to administrator accounts and to monitor file integrity in that directory.

Who is affected

Quark Cloud Drive version 3.23.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Quark Cloud Drive

    APP
    Quark
    3.23.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2007-3678HIGH7.6ten sam vendor

Stack-based buffer overflow in the MSWord text-import extension (Word 6-2000 Filter.xnt) in QuarkXPress 7.2 fo...