Ettercap NG-0.7.3 is vulnerable to DLL hijacking. An attacker can create a malicious DLL file named wpcap.dll and place it in the same directory as a file with the .pcap extension. When the user visits http://chaossecurity.wordpress.com/, the malicious DLL will be executed.
A vulnerability in Microsoft Group Convertor allows attackers to execute arbitrary code by placing a malicious DLL in the same directory as a vulnerable file with the .grp extension. Compiling and renaming a malicious DLL to imm.dll and placing it in the same directory as a vulnerable file with the .grp extension will cause the malicious code to be executed when the vulnerable file is opened.
A DLL hijacking vulnerability exists in Safari 5.0.1 which allows an attacker to execute arbitrary code on the target system. The vulnerability is triggered when a specially crafted .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file is opened in Safari. The file must be placed in the same folder as the dwmapi.dll file. The code for dwmapi.dll contains a MessageBox function which will execute arbitrary code when the file is opened in Safari.
This exploit is for Adobe Device Central CS5 v3.0.0(376) which is vulnerable to DLL hijacking. The vulnerable extensions are .adcp. The exploit is written in C and contains a list of functions that can be used to hijack the qtcf.dll library. The exploit was tested on Windows 7 x64 Ultimate.
An attacker can exploit this vulnerability by creating a malicious DLL file and renaming it to cpqdvd.dll. The attacker can then create a file with the .ifo or .mpg extension in the same directory as the malicious DLL file. When the user opens the file, the malicious DLL file will be executed.
A DLL hijacking vulnerability exists in Roxio Photosuite 9.0 which allows an attacker to execute arbitrary code on the vulnerable system. An attacker can create a malicious DLL file and rename it to homeutils9.dll and place it in the same directory as one of the vulnerable extensions (.dmsp or .pspd). When the vulnerable application is launched, the malicious DLL will be executed.
This exploit takes advantage of the Microsoft Vista BitLocker Drive Encryption API to execute arbitrary code. The exploit is triggered by creating a file with one of the vulnerable extensions (.wbcat) in the same directory as the malicious DLL. When the system attempts to access the file, the malicious DLL is loaded and the hook_startup() function is executed, which in turn executes the evil() function. The evil() function then executes the Windows calculator application.
Place a .mp3 file and wintab32.dll in same folder and execute .mp3 file in vlc player. The code for wintab32.dll includes a MessageBox that will display 'Pwned' when the DLL is loaded.
If the payload .DLL file is renamed to any of these files and placed in the utorrent.exe directory, the payload will be executed with users' credentials: userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, rpcrtremote.dll
TeamMate Audit Management Software Suite is vulnerable to DLL Hijacking. An attacker can exploit this vulnerability by creating a malicious DLL file and renaming it to mfc71enu.dll, and creating a file in the same directory with one of the vulnerable extensions (.tmx). The malicious DLL file will be executed when the application is launched.
Services By CQR