Software : Interactive DisAssembler (IDA PRO)

Version: <=   IDA SDK 6.9 demo
                    IDA 5.0 Freeware

Software Link: https://www.hex-rays.com/products/ida/support/download.shtml

Tested on: WINDOWS XP SP3 - 32 bit, WINDOWS 7 SP1 - 32 bit, Windows 8.1 32 bit


IDA Pro suffers from DLL HIJACK Vulnerability from .idb file formats
with idadmng.dll file.

Details: *.idb file is a saved file of any disassembled file.

Vulnerable DLL: idadmng.dll


Exploitation Steps:

Step 1: Open any file in IDA Pro 5.0 Freeware or SDK 6.9 and save that
opened disassembled file in a *.idb file.

Step 2: Now send that saved *.idb file along with the malicious dll to
the system or the person you want to get access.

Step 3: Now whenever that person opens that .idb file in IDA Pro you
can get the meterpreter or the shell of the target system.