Microsoft Visual Studio 2010 DLL Hijacking

🗓️ 21 Oct 2016 00:00:00Reported by Ehsan HosseiniType

packetstorm🔗 packetstormsecurity.com👁 18 Views

Microsoft Visual Studio DLL Hijacking vulnerability in version 10.0.30319.1 RTMRe

`=====================================================  
# Microsoft Visual Studio 2010 - DLL Hijacking  
=====================================================  
# Vendor Homepage: https://www.visualstudio.com/  
# Date: 21 Oct 2016  
# Version : 10.0.30319.1 RTMRel  
# Author: Ashiyane Digital Security Team  
# Contact: [email protected]  
=====================================================  
# Description:  
Sublime Text is a sophisticated text editor for code, markup and prose.  
  
  
# Vulnerable Dll:  
SspiCli.dll  
  
  
# PoC:  
1. Create a malicious dll file with 'SspiCli.dll' and save it  
in "C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE" directory.  
  
2. Execute Microsoft Visual Studio.  
  
3. Malicious dll file gets executed.  
=====================================================  
# Discovered By : Ehsan Hosseini  
=====================================================  
`

21 Oct 2016 00:00Current

0.3Low risk

Vulners AI Score0.3