Zero-Day Advisory
Fortinet Discovers Tresorit for Windows DLL PreLoading Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a DLL preloading vulnerability in Tresorit for Windows.
Tresorit is an online cloud storage service that emphasizes enhanced security and data encryption for businesses and individuals/freelancers. It offers extra security features such as DRM, granular access levels and other functions which aim to create a safer collaborative environment. Tresorit is accessible through client desktop software, web-based application and mobile apps namely, Windows, macOS, Android, Windows Phone 8, iOS, and Linux.
Tresorit for Windows is susceptible to a DLL preloading vulnerability. The issue occurs when the application looks to load a DLL for execution and an attacker provides a malicious DLL to use instead. The application generally follows a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
Solutions
Users should apply the solution provided by Tresorit.
Timeline
Fortinet reported the vulnerability to Tresorit on May 06, 2018.
Tresorit confirmed the vulnerability on May 07, 2018.
Tresorit released patch for it on May 18, 2018.