Google Chrom 34.0.1847.131 m 32-bit DLL Order Hijacking

2014-05-01 / 2014-05-02
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# google chrom latest Version 34.0.1847.131 m 32-bit DLL Order Hijacking # ########################### # # Exploit Title: [google chrom Version 34.0.1847.131 m 32-bit DLL Order Hijacking ] # Date: [2014/04/25] # Exploit Author: [Aryan Bayaninejad] # Linkedin : https://www.linkedin.com/profile/view?id=276969082 # Vendor Homepage: [http://www.chromium.org/] # Software Link: [http://www.filehorse.com/download-google-chrome/] # Version: [Version 34.0.1847.116 32-bit ] # Tested on: [Windows 7 Ultimate - 32bit] # ########################### details: Untrusted search path vulnerability in chrom latest version [34.0.1847.131] when running on Windows 7 32bit ,allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory by sxs.dll it's a DLL Order Hijacking that let me to execute arbitrary code beside google chrome latest version of Chrome suffers from Load Order Hijacking of "Sxs.dll" library, I attached a proof of concept code that will runs besides your google chrome if you put it beside chrome.exe & it works like a charm & will execute calc . uses Windows; begin Winexec(PAnsichar('C:\WINDOWS\system32\calc.exe'),sw_show); end. Compile Above Source Code With Delphi And Rename Compiled DLL To sxs.dll Then Copy It To The chrom Installed Path, Now If You Run The chrom now DLL Will Hijacked!


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top