CVE-2020-35483: 
NixOS vulnerability analysis and mitigation

AnyDesk before 6.1.0 on Windows, specifically when run in portable mode, contained a DLL hijacking vulnerability (CVE-2020-35483) that was discovered and disclosed on January 11, 2021. The vulnerability affected AnyDesk for Windows versions from 5.4.2 to 6.0.8, allowing attackers with write access to the application directory to compromise local user accounts (NVD, Vendor Advisory).

The vulnerability is classified as a DLL hijacking attack where an attacker could place a malicious 'gcapi.dll' file in the application directory and set it as read-only to prevent overwriting. When executed, AnyDesk would load this trojanized DLL file, leading to code execution with user privileges, unless specifically run with administrator permissions. The vulnerability received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD, Vendor Advisory).

The vulnerability was particularly critical for the portable version of AnyDesk, which is commonly started from unprotected non-system directories such as browser download folders. When exploited, the vulnerability allowed the execution of malicious code with normal user privileges, or potentially higher privileges if the application was run as administrator (Vendor Advisory).

The vulnerability was addressed in AnyDesk version 6.1.0, which implemented additional security checks to prevent the execution of modified gcapi.dll files. Users were advised to upgrade to this version or later to mitigate the vulnerability (Vendor Advisory).