RJ TextEd dll hijacking

2018.03.10
ir Mr.voltage (IR) ir
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

########################## # Exploit Title: RJ TextEd DLL hijacking Vulnerability # Software Link: https://www.rj-texted.se/download.html # https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ # Discovered By: Mr.voltage # Version: 12.90 # Vendor Homepage : https://www.rj-texted.se/ # Tested on : windows ########################## +--------------------------+ + Vulnerable DLL : + 7z.dll +--------------------------+ product +-------+ RJ TextEd is a full featured text and source editor with Unicode support. It is also a very powerful web (PHP, ASP, JavaScript, HTML and CSS) development editor. The functionality extends beyond text files and includes support for CSS/HTML editing with integrated CSS/HTML preview, spell checking, auto completion, HTML validation, templates and more. The program also has a dual pane file commander, as well as a (S)FTP client to upload your files. Below is a small list of features available. For a full list check out the features section. +-------+ Make Malicious dll. Exploit: Place a dummy 7z.dll file with the malicious dll . When the file is opened you will get shell. ################################### #Thanks to : matin && shayan 72 # Discovered By: Mr.voltage # skype: mr.voltage@yahoo.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top