Efficient Sticky Notes Pro dll hijacking

2018.03.19
de Mr.voltage (DE) de
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

########################## # Exploit Title: Efficient Sticky Notes Pro DLL hijacking Vulnerability # Software Link: http://www.efficientdownload.com/es/EfficientStickyNotesPro-Setup.exe # https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ # Discovered By: Mr.voltage # Version: 5.50 # Vendor Homepage : http://www.efficientsoftware.net/ # Tested on : windows ########################## +--------------------------+ + Vulnerable DLL : + msvcr80.dll +--------------------------+ product: +-------+ Efficient Notes, you only need to manage your memos, notes and desktop sticky notes in one interface and one file. With its unique and powerful flash full-text search technique, simply enter a word in a note and you can locate this note quickly! The product has a strong edit function similar to that of Microsoft Word. +-------+ Impact: +-------+ Attacker can exploit the vulnerability to load a DLL file of the attacker's choosing that could execute arbitrary code. This may help attacker to Successful exploits the system if user creates shell as a DLL. Make Malicious dll. +-------+ Exploit: Place a dummy msvcr80.dll file with the malicious dll . When the file is opened you will get shell. ################################### #Thanks to : mtn08 && shayan 72 # Discovered By: Mr.voltage # skype: mr.voltage@yahoo.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top