Northwave has identified several vulnerabilities in Ivanti Secure Access VPN, previously known as Pulse Secure VPN :
About 4 min
It has been 4 years since I did some research about DLL Hijacking.
I used procmon.exe to identifiy missing DLLs on windows system.
I quickly found few of them, including in Teams.exe. Recently, I looked again into it and found that some of them are still present.
The ColorAdapterClient.dll is one of these sweet spots.
If Teams.exe is configured to run at startup, the code is running once the machine is up, there is no need for the user to unlock is session.
About 3 min