CVE-2020-35483: DLL Hijacking vulnerability

Problem type

DLL Hijacking / Code execution

Description

AnyDesk for Windows is vulnerable to a DLL hijacking attack, where an attacker places a malicious "gcapi.dll" file in the application directory and then sets the read-only attribute to prevent the file from being overwritten. AnyDesk will then attempt to load this DLL file when executed.

Impact

If an attacker can place a "gcapi.dll" file in the application directory, AnyDesk will run any malicious code contained in that file. The code will run with normal user privileges, unless the user specifically runs AnyDesk as administrator.

Note: this is especially critical for the portable version of AnyDesk, which is likely to be started from an unprotected non-system directory like the browser's download directory.

Affected products

The vulnerability affects AnyDesk for Windows from versions 5.4.2 to 6.0.8.

Resolution

We have implemented additional security checks in AnyDesk for Windows version 6.1.0 that will prevent the execution of a modified "gcapi.dll" file.
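
A defensive check for the condition described above, added here as an example and not AnyDesk's own code: the PowerShell function below lists every "gcapi.dll" found next to an AnyDesk executable, with its read-only flag, signature status and hash, and whether the executable's file version falls in the affected range. The search roots and the AnyDesk*.exe file-name pattern are assumptions.

```powershell
# Added example: report any gcapi.dll that sits beside an AnyDesk executable.
# The search roots and the 'AnyDesk*.exe' name pattern are assumptions.
function Find-AnyDeskGcapi {
    param(
        [string[]]$Roots = @(
            "$env:USERPROFILE\Downloads",
            "$env:USERPROFILE\Desktop",
            $env:ProgramFiles,
            ${env:ProgramFiles(x86)}
        )
    )
    # Affected range as stated in the advisory: 5.4.2 to 6.0.8.
    $first = New-Object System.Version -ArgumentList 5, 4, 2
    $last  = New-Object System.Version -ArgumentList 6, 0, 8

    $existing = @($Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
    if ($existing.Count -eq 0) { return }

    $exes = Get-ChildItem -LiteralPath $existing -Filter 'AnyDesk*.exe' -File -Recurse -ErrorAction SilentlyContinue
    foreach ($exe in $exes) {
        $dll = Get-Item -LiteralPath (Join-Path $exe.DirectoryName 'gcapi.dll') -Force -ErrorAction SilentlyContinue
        if (-not $dll) { continue }

        # Compare major.minor.build only, so a trailing revision field is ignored.
        $vi  = $exe.VersionInfo
        $ver = New-Object System.Version -ArgumentList @($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
        $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName

        [pscustomobject]@{
            AnyDesk         = $exe.FullName
            AnyDeskVersion  = $ver
            InAffectedRange = ($ver -ge $first -and $ver -le $last)
            Dll             = $dll.FullName
            # Read-only is the attribute the description says is set to block overwriting.
            DllReadOnly     = $dll.IsReadOnly
            DllModified     = $dll.LastWriteTime
            DllSignature    = $sig.Status
            DllSigner       = $sig.SignerCertificate.Subject
            DllSha256       = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
        }
    }
}

Find-AnyDeskGcapi | Format-List
```

The advisory does not state how a legitimate "gcapi.dll" is signed, so the signature fields are triage context rather than a verdict.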