VMWare Horizon client version 5.4 suffers from a dll hijacking vulnerability.
c00ff52553fc03783e70e427c0ab7515# Exploit Title: [vmware horizon client 5.4 - DLL Hijacking]
# Date: [date]
# Discoverer: [Owais Mehtab, Tayeeb Rana]
# Vendor Homepage: [https://vmware.com]
# Software Link: [https://my.vmware.com/web/vmware/details?productId=331&downloadGroup=VIEWCLIENTS_WIN64_540]
# Version: [5.4 5.4.0.2007]
# Tested on: [Win7 Sp1]
VMWare Horizon Client 5.4 other versions may also be affected
Description:-
The application suffers from dll hijacking vulneravbility since it looks for a dll named Trutil.dll without explicitly calling it from absolute path
Exploitation:-
create a malicious dll and place it under the vmware horizon client installation folder or any folder that is defined in PATH variable named as Trutil.Dll
Now wait for service/application to start to get shell.