Posted by Nitesh Shilpkar on Feb 28
Amazon Kindle for Windows suffers from a DLL hijacking issue.
MITRE has issued CVE-2017-6189 for this issue.
The issue is vendor-confirmed and Kindle 1.19 fixes this issue.
Proof of concept/demonstration:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Create a malicious DLL file and save it in your “Downloads” directory.
2. Download “Kindle Setup” and save it in your “Downloads” directory.
3. Execute “Kindle…