Efficient Calendar dll hijacking

2018.03.22
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

##########################
# Exploit Title: Efficient Calendar DLL hijacking Vulnerability
# Software Link: http://www.efficientdownload.com/es/EfficientCalendarNetwork-Setup.exe
# Version: 5.50
# Vendor Homepage : http://www.efficientsoftware.net/
# Tested on : windows
# Exploit Author: Iran Security Group
##########################

+--------------------------+
+ Vulnerable DLL :
+ gds32.dll
+--------------------------+

Product:
+-------+
Efficient Calendar Network is designed for SMEs to share data. The network edition has all the features of the pro version, such as to-do lists, calendar reminders, group management, one-touch search, etc. In addition, with the network edition, different users in an organization can access the same copy of the data, to work together and improve work efficiency.
+-------+

Impact:
+-------+
An attacker can exploit the vulnerability to load a DLL file of the attacker's choosing that could execute arbitrary code. This may help an attacker to successfully exploit the system if the user creates a shell as a DLL. Make a malicious DLL.
+-------+

Exploit:
Place a dummy gds32.dll file with the malicious DLL. When the file is opened you will get a shell.

###################################
# Iran Security Group - iran-sec.net
# Discovered By: Mr.voltage
# Mr.voltage@yahoo.com
###################################
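A defender-side check for the issue described above, as an added example that is not part of the original advisory: it scans Sysmon Event ID 7 (image load) records for loads of gds32.dll from an unexpected directory or with an unrecognised hash. The trusted directory, the known-good hash, the process path and the sample events are constructed placeholders to be replaced with values from a known-good installation.

```python
import ntpath

TARGET_DLL = "gds32.dll"  # DLL named in the advisory

# Assumptions (not from the advisory): fill these in from a known-good install.
TRUSTED_DIRS = {r"C:\Program Files (x86)\EfficientCalendarNetwork"}  # placeholder
KNOWN_GOOD_SHA256 = {"A" * 64}  # placeholder hash, constructed

def norm_dir(path):
    # ntpath parses Windows paths on any OS; normcase lowercases and unifies slashes
    return ntpath.normcase(ntpath.normpath(path))

def sha256_of(hashes_field):
    # Sysmon "Hashes" looks like "MD5=...,SHA256=..."; return the SHA256 part or None
    for part in hashes_field.split(","):
        name, _, value = part.partition("=")
        if name.strip().upper() == "SHA256":
            return value.strip().upper()
    return None

def suspicious_loads(events, trusted_dirs=TRUSTED_DIRS, good_hashes=KNOWN_GOOD_SHA256):
    """Return (event, reasons) for each load of TARGET_DLL that looks planted."""
    trusted = {norm_dir(d) for d in trusted_dirs}
    findings = []
    for ev in events:
        loaded = ev.get("ImageLoaded", "")
        if ntpath.basename(loaded).lower() != TARGET_DLL:
            continue  # not the DLL this advisory is about
        reasons = []
        if norm_dir(ntpath.dirname(loaded)) not in trusted:
            reasons.append("unexpected directory")
        if sha256_of(ev.get("Hashes", "")) not in good_hashes:
            reasons.append("hash not in known-good set")
        if reasons:
            findings.append((ev, reasons))
    return findings

# Constructed sample events using Sysmon Event ID 7 field names (not real telemetry)
APP = r"C:\Program Files (x86)\EfficientCalendarNetwork\app.exe"  # placeholder image
SAMPLE_EVENTS = [
    {"Image": APP, "ImageLoaded": r"C:\Program Files (x86)\EfficientCalendarNetwork\gds32.dll",
     "Hashes": "SHA256=" + "A" * 64},
    {"Image": APP, "ImageLoaded": r"C:\Users\alice\Documents\GDS32.DLL",
     "Hashes": "SHA256=" + "B" * 64},
    {"Image": APP, "ImageLoaded": "c:/program files (x86)/efficientcalendarnetwork/gds32.dll",
     "Hashes": "SHA256=" + "C" * 64},
    {"Image": APP, "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Hashes": ""},
]

if __name__ == "__main__":
    for ev, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(ev["ImageLoaded"], "->", ", ".join(reasons))
```

The hash check covers the case the directory check alone misses: a replacement file written into the directory the application normally loads from.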

References:

http://iran-sec.net


Copyright 2024, cxsecurity.com