Posted by Nitesh Shilpkar on Feb 28

Amazon kindle for windows suffers from a DLL hijacking issue.

Mitre has issued CVE-2017-6189 for this issue.

The issue is vendor confirmed and Kindle 1.19 fixes this issue.

Proof of concept/demonstration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Create a malicious dll file and save it in your “Downloads” directory.

2. Download “Kindle Setup” and save it in your “Downloads” directory.

3. Execute “Kindle…