μTorrent (uTorrent) 2.0.3 – DLL Hijacking

Exploit Database
13 阅读

作者： Dr_IDE

日期： 2010-08-25
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/14748/

###########################################################################
#
# Title: 	uTorrent <=2.0.3 Dll Hijacking Local Exploits
# By:		Dr_IDE
# Tested:	Windows 7RC
# Note:		These are additional DLL's with unsafe Load Paths
# Reference:	http://www.exploit-db.com/exploits/14726/
#
############################################################################

If the payload .DLL file is renamed to any of these files and placed in the 
utorrent.exe directory, the payload will be executed with users' credentials.

	-userenv.dll

	-shfolder.dll
	
	-dnsapi.dll

	-dwmapi.dll

	-iphlpapi.dll

	-dhcpcsvc.dll

	-dhcpcsvc6.dll

	-rpcrtremote.dll

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14748.tar.gz (Dr_IDE.bind.dll.tar.gz)

#[pocoftheday.blogspot.com]

last Exploits
μTorrent (uTorrent) 2.0.3 – DLL Hijacking的更多信息

Cisco Unified Communications Manager – TFTP Service：
libdbus – ‘DBUS_SYSTEM_BUS_ADDRESS’ Local Privilege Escalation：
Winamp 5.572 (Windows XP SP3 DE) – ‘whatsnew.txt’ Local Buffer Overflow：
Wondershare Dr.Fone 12.0.7 – Privilege Escalation (ElevationService)：
Solaris – RSH Stack Clash Privilege Escalation (Metasploit)：
BEWARD Intercom 2.3.1 – Credentials Disclosure：
AdobeWorkgroupHelper 2.8.3.3 – Local Stack Buffer Overflow：
AppLocker – Execution Prevention Bypass (Metasploit)：