"Stremio Vulnerability Exposes Millions to Attack"

Researchers at CyFox have discovered a Dynamic Link Library (DLL) planting/hijacking vulnerability in the popular media center application Stremio, which attackers could exploit to execute code on a victim's system, steal information, and more. DLLs are files that can be dynamically linked and shared by multiple programs simultaneously. They are essential to Windows and numerous applications, including Stremio. They house standard functions that are shared by multiple applications, preventing code duplication and reducing executable file size. In addition, DLLs grant access to system resources such as device divers, graphics processing, and networking. When a user launches a program on Windows, the program searches for and uses the required DLLs to function as intended. The flaw discovered by the researchers impacts version 4.4 of Stremio for Windows. It stems from the use of LoadLibraryA and LoadLibraryExA, two Windows Application Programming Interface (API) functions. The latter allows an attacker to place malicious DLLs in the application directory. This article continues to discuss findings regarding the Stremio vulnerability. 

Help Net Security reports "Stremio Vulnerability Exposes Millions to Attack"