=====================================================
# NO-IP DUC v4.1.1 - DLL Hijacking
=====================================================
# Vendor Homepage: http://noip.com
# Date: 20 Oct 2016
# Software Link: http://www.noip.com/client/DUCSetup_v4_1_1.exe
# Version: 4.1.1
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
=====================================================
# Description:
DUC40.exe can be exploited to execute arbitrary code on a victim's system via DLL hijacking.

# Vulnerable Libraries:
bcryptPrimitives.dll
CRYPTSP.dll
CRYPTBASE.dll

# PoC:
1. Create a malicious 'bcryptPrimitives.dll' or 'CRYPTSP.dll' or 'CRYPTBASE.dll' file and save it in the "C:\Program Files\No-IP" directory.
2. Execute DUC40.exe from the "C:\Program Files\No-IP" directory.
3. The malicious DLL file gets executed.
=====================================================
# Discovered By: Ehsan Hosseini
=====================================================
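
A defender-side check for the condition described above, added here as an example and not part of the original advisory: it looks for the three listed library names inside the install directory and reports which non-administrative principals can create files there. The function names are hypothetical, and it assumes the default path from the PoC and that a legitimate install does not ship files with these names.

```powershell
# Added example, not from the advisory. $AppDir is the install path named in the PoC.
$AppDir   = 'C:\Program Files\No-IP'
$DllNames = 'bcryptPrimitives.dll', 'CRYPTSP.dll', 'CRYPTBASE.dll'   # names listed in the advisory

function Find-ShadowedSystemDll {
    # Per the advisory, a file with one of these names beside DUC40.exe gets loaded by it.
    param([string]$Directory, [string[]]$Names)
    foreach ($name in $Names) {
        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Path       = $path
            Signature  = $sig.Status
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Owner      = (Get-Acl -LiteralPath $path).Owner
            CreatedUtc = (Get-Item -LiteralPath $path).CreationTimeUtc
            SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

function Get-UnexpectedWriter {
    # Principals other than SYSTEM, Administrators and TrustedInstaller that may create files here.
    param([string]$Directory)
    $trusted = 'S-1-5-18', 'S-1-5-32-544',
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($rule in (Get-Acl -LiteralPath $Directory).GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.PropagationFlags -band $inheritOnly) { continue }   # ACE does not apply to this folder itself
        # 0x2 = CreateFiles (WriteData): the right needed to drop a new file into the directory
        if (([int]$rule.FileSystemRights -band 0x2) -and $rule.IdentityReference.Value -notin $trusted) {
            [pscustomobject]@{ Sid = $rule.IdentityReference.Value; Rights = $rule.FileSystemRights }
        }
    }
}

if (Test-Path -LiteralPath $AppDir -PathType Container) {
    Find-ShadowedSystemDll -Directory $AppDir -Names $DllNames | Format-List
    Get-UnexpectedWriter -Directory $AppDir | Format-Table -AutoSize
} else {
    Write-Output "Directory not found: $AppDir"
}
```

No output from either function means none of the listed names is present and only the three trusted principals can create files in the directory.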