OBS Studio DLL Injection Privilege Escalation

[Emorrow]

OBS Studio's Game Capture feature loads graphics hook DLLs (`graphics-hook64.dll`) without verifying their integrity or authenticity. An attacker who can replace this DLL can execute arbitrary code with whatever privileges OBS is running with—typically Administrator, since many users run OBS elevated for game streaming.

This is only a thing if OBS is installed to a user writable location. still...

 

[Pranzita]

…this creates a serious vulnerability that allows code execution through DLL replacement. Even though OBS requires administrative privileges to interact with games, the mere fact that an attacker can replace graphics-hook64.dll in the installation directory allows them to execute arbitrary code with the same privileges as the OBS process.