RapidTyping DLL HIJACKING VULNERABILTY

Published
Credit
Risk
2017.08.07
Mr.voltage
Medium
CWE
CVE
Local
Remote
N/A
N/A
Yes
No

##########################
# Exploit Title: RapidTyping DLL HIJACKING VULNERABILTY
# Software Link: http://www.rapidtyping.com/en/downloads/typing-tutor/ver-5/RapidTyping_Setup_5.2.exe
# https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ
# Discovered By: Mr.voltage
# Version: 5.2
# Vendor Homepage : http://www.rapidtyping.com
# Tested on : windows
##########################
+--------------------------+
+ Vulnerable DLL :
+ rtbridge.dll
+ fmodex64.DLL
+--------------------------+
Product
+-------+
RapidTyping is a convenient and easy-to-use keyboard trainer that will help you improve your typing speed and reduce typos.
With its lessons organized around various keyboard groups, the RapidTyping software will teach you touch typing in a short time.
+-------+
Make Malicious dll.
Exploit:
Place a dummy rtbridge.dll or fmodex64.DLL file with the malicious dll . When the file is opened you will get shell.



###################################
#Thanks to : Shayan 72

# Discovered By: Mr.voltage

# skype: mr.voltage@yahoo.com

References:

https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com