VYPR
Unrated severity · NVD Advisory · Published Dec 22, 2022 · Updated Apr 16, 2025

CVE-2021-36631

Description

Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Untrusted search path vulnerability in Baidunetdisk versions 7.4.3 and earlier allows privilege escalation via DLL hijacking by placing a malicious DLL in the application's root directory.

Vulnerability

BaiduNetDisk version 7.4.3 and earlier suffers from an untrusted search path vulnerability. When the main executable baidunetdisk.exe is launched, it loads multiple DLLs, including MFPlat.dll, RTWorkQ.DLL, msmpeg2vdec.dll, msvproc.dll, UMPDC.dll, dxgi.dll, d3d11.dll, dcomp.dll, D3DSCache.dll, and midimap.dll, from the application's root directory without verifying their integrity or source. This allows a local attacker to replace any of these DLLs with a malicious version [1].

Exploitation

The attacker requires write access to the BaiduNetDisk installation directory and can then place a crafted DLL (e.g., MFPlat.dll) in that directory. When a user runs baidunetdisk.exe, the malicious DLL is loaded and executes arbitrary code in the context of the application [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the user running BaiduNetDisk. This can lead to complete compromise of the affected system, including data theft, installation of malware, or further privilege escalation [1].

Mitigation

According to the available references, no official patch has been released for CVE-2021-36631. Users are advised to ensure they are running the latest version of BaiduNetDisk, limit write permissions on the installation directory to authorized users only, and monitor for suspicious DLL loading. If a fix becomes available, it should be applied immediately [1].
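One way to implement the "monitor for suspicious DLL loading" step, as an added example that is not part of the advisory or any vendor tooling: it filters image-load records (field names modelled on Sysmon Event ID 7) for the DLL names listed above loaded by baidunetdisk.exe from outside the Windows system directories. The trusted directories, the install path and the sample events are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics, usable on any analysis host

# DLL names the advisory lists as loaded by baidunetdisk.exe.
WATCHED_DLLS = {name.lower() for name in (
    "MFPlat.dll", "RTWorkQ.DLL", "msmpeg2vdec.dll", "msvproc.dll", "UMPDC.dll",
    "dxgi.dll", "d3d11.dll", "dcomp.dll", "D3DSCache.dll", "midimap.dll",
)}
TARGET_PROCESS = "baidunetdisk.exe"
# Assumption: default Windows system directories on the monitored hosts.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def is_suspicious_load(event):
    """True if baidunetdisk.exe loaded a watched DLL from a non-system directory."""
    if ntpath.basename(event["Image"]).lower() != TARGET_PROCESS:
        return False
    # normpath collapses ".." segments so a traversal cannot fake a trusted dir.
    loaded = ntpath.normcase(ntpath.normpath(event["ImageLoaded"]))
    if ntpath.basename(loaded) not in WATCHED_DLLS:
        return False
    return ntpath.dirname(loaded) not in TRUSTED_DIRS


def find_suspicious_loads(events):
    """Return the subset of image-load events that should raise an alert."""
    return [e for e in events if is_suspicious_load(e)]


# Constructed sample events; C:\Example\BaiduNetdisk is a placeholder path.
APP = r"C:\Example\BaiduNetdisk"
SAMPLE_EVENTS = [
    # Watched DLL from the system directory: expected, not flagged.
    {"Image": APP + r"\baidunetdisk.exe", "ImageLoaded": r"C:\Windows\System32\dxgi.dll"},
    # Watched DLL from the application directory: flagged.
    {"Image": APP + r"\baidunetdisk.exe", "ImageLoaded": APP + r"\MFPlat.dll"},
    # Mixed-case system path: still trusted after normalisation.
    {"Image": APP + r"\baidunetdisk.exe", "ImageLoaded": r"C:\WINDOWS\SysWOW64\RTWORKQ.DLL"},
    # DLL not on the advisory's list (hypothetical name): ignored by this rule.
    {"Image": APP + r"\baidunetdisk.exe", "ImageLoaded": APP + r"\appcore.dll"},
    # Different process: out of scope for this rule.
    {"Image": r"C:\Windows\System32\notepad.exe", "ImageLoaded": APP + r"\midimap.dll"},
]

if __name__ == "__main__":
    for hit in find_suspicious_loads(SAMPLE_EVENTS):
        print("ALERT:", hit["Image"], "loaded", hit["ImageLoaded"])
```

A hit means a copy of one of the listed DLLs was loaded from a non-system location; checking that file's signature and the directory's ACL is the natural follow-up.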

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
