RapidTyping DLL HIJACKING VULNERABILTY

2017.08.07
Credit: Mr.voltage
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

########################## # Exploit Title: RapidTyping DLL HIJACKING VULNERABILTY # Software Link: http://www.rapidtyping.com/en/downloads/typing-tutor/ver-5/RapidTyping_Setup_5.2.exe # https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ # Discovered By: Mr.voltage # Version: 5.2 # Vendor Homepage : http://www.rapidtyping.com # Tested on : windows ########################## +--------------------------+ + Vulnerable DLL : + rtbridge.dll + fmodex64.DLL +--------------------------+ Product +-------+ RapidTyping is a convenient and easy-to-use keyboard trainer that will help you improve your typing speed and reduce typos. With its lessons organized around various keyboard groups, the RapidTyping software will teach you touch typing in a short time. +-------+ Make Malicious dll. Exploit: Place a dummy rtbridge.dll or fmodex64.DLL file with the malicious dll . When the file is opened you will get shell. ################################### #Thanks to : Shayan 72 # Discovered By: Mr.voltage # skype: mr.voltage@yahoo.com

References:

https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top