Full Disclosure mailing list archives
CAD 2D-3D Pipe designing software Microstation, Nero, Quicktime Pictureviwer vulnerable to DLL hijack attack
From: kalyan <kalyanakumar1985 () gmail com>
Date: Thu, 26 Aug 2010 20:49:07 +0530
Hi folks, After playing with windows DLL hijack toolkit,I got exploit POC for Pipe design software Bentaly Microstation 7.1,Nero 8.2.8.0,Quicktime pictureviwer 7.6.5 Bentaly Microstation 7.1: File :Ustation.exe File type:hln Hijack Dll:mptools.dll File :Ustation.exe File type:rdl Hijack Dll:baseman.dll,wintab32.dll,wintab.dll Nero 8.2.8.0 File :nero.exe File type:nab Hijack Dll:bcgpoleacc.dll Quicktime pictureviwer 7.6.5 File :pictureviewer.exe File type:mac,pct,pic,pict,pnt,pntg,qti,qtif Hijack Dll:cfnetwork.dll File :pictureviewer.exe File type:pct,pic,pict,pnt,pntg,qti,qtif Hijack Dll:corefoundation.dll Download Link Generated POC's http://rapidshare.com/files/415275008/Microstation_dllhijact_exploit.rar http://rapidshare.com/files/415275010/Nero_dllhijack_exploit.rar http://rapidshare.com/files/415275011/quicktime_pictureviwer_dllhijact_exploit.rar For test cases-http://reach2kalyan.blogspot.com/ Regards Kalyan http://reach2kalyan.blogspot.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CAD 2D-3D Pipe designing software Microstation, Nero, Quicktime Pictureviwer vulnerable to DLL hijack attack kalyan (Aug 26)