μTorrent (uTorrent) 2.0.3 - DLL Hijacking

EDB-ID:

14748


Author:

Dr_IDE

Type:

local


Platform:

Windows

Date:

2010-08-25


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

###########################################################################
#
# Title: 	uTorrent <=2.0.3 Dll Hijacking Local Exploits
# By:		Dr_IDE
# Tested:	Windows 7RC
# Note:		These are additional DLL's with unsafe Load Paths
# Reference:	http://www.exploit-db.com/exploits/14726/
#
############################################################################

If the payload .DLL file is renamed to any of these files and placed in the 
utorrent.exe directory, the payload will be executed with users' credentials.

	-userenv.dll

	-shfolder.dll
	
	-dnsapi.dll

	-dwmapi.dll

	-iphlpapi.dll

	-dhcpcsvc.dll

	-dhcpcsvc6.dll

	-rpcrtremote.dll

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/14748.tar.gz (Dr_IDE.bind.dll.tar.gz)

#[pocoftheday.blogspot.com]