Microsoft Visual Studio 2010 DLL Hijacking

2016-10-21T00:00:00
ID PACKETSTORM:139295
Type packetstorm
Reporter Ehsan Hosseini
Modified 2016-10-21T00:00:00

Description

                                        
                                            `=====================================================  
# Microsoft Visual Studio 2010 - DLL Hijacking  
=====================================================  
# Vendor Homepage: https://www.visualstudio.com/  
# Date: 21 Oct 2016  
# Version : 10.0.30319.1 RTMRel  
# Author: Ashiyane Digital Security Team  
# Contact: hehsan979@gmail.com  
=====================================================  
# Description:  
Sublime Text is a sophisticated text editor for code, markup and prose.  
  
  
# Vulnerable Dll:  
SspiCli.dll  
  
  
# PoC:  
1. Create a malicious dll file with 'SspiCli.dll' and save it  
in "C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE" directory.  
  
2. Execute Microsoft Visual Studio.  
  
3. Malicious dll file gets executed.  
=====================================================  
# Discovered By : Ehsan Hosseini  
=====================================================  
`