Share
## https://sploitus.com/exploit?id=PACKETSTORM:181912
====================================  
CVE ID: CVE-2024-45873  
Author: Iulian Florea  
Vendor: VegaBird  
Product: Vooki - Free Android APK & API Vulnerability Scanner(Yaazhini)  
Vulnerability Type: DLL Hijacking  
====================================  
  
  
====================================  
Summary  
====================================  
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.  
  
====================================  
Exploitation  
====================================  
By placing an arbitrary DLL (Example: dcomp.dll) within the application folder (C:\Users\<USER>\AppData\Local\Programs\Yaazhini) and opening the application (Yaazhini.exe) it can be noted that the DLL is being loaded. This can lead to persistence or in some cases to privilege escalation.