Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
Important
The Internet must be turned off during installation, otherwise the browser will be updated.
You can download vulerable version from download.cdn.yandex.net
Or usage from archive
- Download and unpack Yandex_Browser_24.4.5.498.zip
- Start Setup.exe
I used the "LolNope" approach from here: https://github.com/advancedmonitoring/ProxyDll
You just need to compile the DLL file and place it in the path %LOCALAPPDATA%\Yandex\YandexBrowser\Application and start the browser
