Sublime Text Editor 3 DLL Hijacking

2016-10-20T00:00:00
ID PACKETSTORM:139257
Type packetstorm
Reporter Ehsan Hosseini
Modified 2016-10-20T00:00:00

Description

                                        
`=====================================================  
# Sublime Text Editor 3 - DLL Hijacking  
=====================================================  
# Vendor Homepage: https://www.sublimetext.com/  
# Date: 20 Oct 2016  
# Software Link : https://download.sublimetext.com/Sublime Text Build 3126 Setup.exe  
# Version : Build 3126  
# Author: Ashiyane Digital Security Team  
# Contact: hehsan979@gmail.com  
=====================================================  
# Description:  
Sublime Text is a sophisticated text editor for code, markup and prose.  
  
  
# Vulnerable DLLs:  
SspiCli.dll  
DNSAPI.dll  
urlmon.dll  
iertutil.dll  
dbghelp.dll  
dbgcore.DLL  
bcryptPrimitives.dll  
dwrite.dll  
CRYPTBASE.dll  
  
  
# PoC:  
1. Create a malicious DLL file (named after one of the vulnerable DLLs) and save it in the "C:\Program Files\Sublime Text 3" directory.  
  
2. Execute "sublime_text.exe" from the "C:\Program Files\Sublime Text 3" directory.  
  
3. The malicious DLL file gets executed.  
=====================================================  
# Discovered By : Ehsan Hosseini  
=====================================================  
`
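
A defender-side check for the condition the advisory describes, added here as an example and not part of the original advisory: it flags files in an application folder whose names match the DLLs listed above and compares each one against the system copy by hash. The function names, the verdict strings and the temporary folders standing in for the install directory and System32 are assumptions.

```python
import hashlib
import os
import tempfile

# DLL names listed in the advisory; Windows resolves file names case-insensitively.
ADVISORY_DLLS = {n.lower() for n in (
    "SspiCli.dll", "DNSAPI.dll", "urlmon.dll", "iertutil.dll", "dbghelp.dll",
    "dbgcore.DLL", "bcryptPrimitives.dll", "dwrite.dll", "CRYPTBASE.dll")}


def sha256_file(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_app_dir(app_dir, system_dir=None):
    """Return [(file_name, verdict)] for advisory-listed DLL names in app_dir."""
    system_files = {}
    if system_dir and os.path.isdir(system_dir):
        system_files = {n.lower(): os.path.join(system_dir, n)
                        for n in os.listdir(system_dir)}
    findings = []
    for name in sorted(os.listdir(app_dir)):
        path = os.path.join(app_dir, name)
        if name.lower() not in ADVISORY_DLLS or not os.path.isfile(path):
            continue
        ref = system_files.get(name.lower())
        if ref is None:
            verdict = "no-system-copy-to-compare"
        elif sha256_file(ref) == sha256_file(path):
            verdict = "same-as-system-copy"
        else:
            verdict = "differs-from-system-copy"  # highest priority for review
        findings.append((name, verdict))
    return findings


if __name__ == "__main__":
    # Constructed sample: temp folders stand in for the install dir and System32.
    with tempfile.TemporaryDirectory() as app, tempfile.TemporaryDirectory() as sysd:
        for d, n, data in ((app, "sublime_text.exe", b"x"),
                           (app, "DWrite.dll", b"a"), (sysd, "dwrite.dll", b"b")):
            with open(os.path.join(d, n), "wb") as f:
                f.write(data)
        print(audit_app_dir(app, sysd))
```

On a real host, pass the application folder and `C:\Windows\System32`; any finding deserves a look, since none of these system DLLs is expected next to the executable.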