VYPR
Unrated severity · NVD Advisory · Published Oct 11, 2018 · Updated Aug 5, 2024

CVE-2018-12449


Description

The Whale browser installer version 0.4.3.0 and earlier is vulnerable to DLL hijacking, potentially allowing arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

The Whale browser installer versions 0.4.3.0 and earlier are susceptible to DLL hijacking [1]. During installation, the loader may search for required DLLs in insecure directories, enabling a malicious actor to place a crafted DLL in a location where it is loaded instead of the legitimate one [1].

Exploitation

An attacker needs write access to a directory that is searched by the installer's DLL loading mechanism (e.g., the application's working directory or a system path like Temp). By placing a malicious DLL with the same name as a legitimate DLL that the installer tries to load, the attacker can cause the installer to load the malicious DLL [1]. No authentication is required, but the attacker must have local access or be able to trick a user into running the installer from an attacker-controlled location.

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the user running the installer. This could lead to full compromise of the affected system, including data theft, installation of malware, or privilege escalation [1].

Mitigation

As of the advisory, no fixed version has been released. Users are advised to only download the installer from official, trusted sources and to avoid running it from untrusted directories. The vulnerability is present in versions 0.4.3.0 and earlier; upgrading to a newer version beyond 0.4.3.0 is recommended if available [1].
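The advice to avoid running the installer from untrusted directories can be turned into a pre-launch check. The following is an added example, not code from the advisory or the vendor: it lists DLL files sitting beside an installer and copies the installer alone into a freshly created empty directory to launch from. It covers only the case of a DLL placed in the installer's own directory, and the file names (`ExampleSetup.exe`, `stray.DLL`) are constructed placeholders.

```python
import shutil
import tempfile
from pathlib import Path


def colocated_dlls(installer: Path) -> list[str]:
    """Return the names of DLL files in the same directory as the installer."""
    return sorted(
        p.name
        for p in installer.parent.iterdir()
        if p.is_file() and p.suffix.lower() == ".dll"
    )


def stage_in_clean_dir(installer: Path) -> Path:
    """Copy only the installer into a newly created, empty directory."""
    clean_dir = Path(tempfile.mkdtemp(prefix="installer-stage-"))
    staged = clean_dir / installer.name
    shutil.copy2(installer, staged)
    return staged


def prepare(installer: Path) -> tuple[Path, list[str]]:
    """Report DLLs found beside the installer and return a staged copy."""
    found = colocated_dlls(installer)
    return stage_in_clean_dir(installer), found


def demo() -> tuple[list[str], list[str]]:
    # Constructed sample: a download folder holding an installer,
    # one stray DLL and one unrelated file.
    with tempfile.TemporaryDirectory() as d:
        downloads = Path(d)
        installer = downloads / "ExampleSetup.exe"  # hypothetical name
        installer.write_bytes(b"MZ constructed placeholder")
        (downloads / "stray.DLL").write_bytes(b"")
        (downloads / "notes.txt").write_text("unrelated")
        staged, found = prepare(installer)
        after = colocated_dlls(staged)  # the staging directory should hold no DLLs
        shutil.rmtree(staged.parent)
        return found, after


if __name__ == "__main__":
    found, after = demo()
    print("DLLs beside original installer:", found)
    print("DLLs beside staged installer:", after)
```

Any name reported by `colocated_dlls` in a download folder deserves a look before the installer is run, since a legitimate single-file installer does not need companion DLLs placed there by someone else.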

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.


References

1
