OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Full-disclosure] CAD 2D-3D Pipe designing software Microstation, Nero, Quicktime Pictureviwer vulnerable to DLL hijack attack

From: kalyan (kalyanakumar1985gmail.com)
Date: Thu Aug 26 2010 - 10:19:07 CDT


Hi folks,

After playing with windows DLL hijack toolkit,I got exploit POC for Pipe
design software Bentaly Microstation 7.1,Nero 8.2.8.0,Quicktime pictureviwer
7.6.5

 Bentaly Microstation 7.1:

File :Ustation.exe File type:hln Hijack Dll:mptools.dll
File :Ustation.exe File type:rdl Hijack
Dll:baseman.dll,wintab32.dll,wintab.dll

Nero 8.2.8.0

File :nero.exe File type:nab Hijack Dll:bcgpoleacc.dll

Quicktime pictureviwer 7.6.5

File :pictureviewer.exe File type:mac,pct,pic,pict,pnt,pntg,qti,qtif
Hijack Dll:cfnetwork.dll
File :pictureviewer.exe File type:pct,pic,pict,pnt,pntg,qti,qtif
Hijack Dll:corefoundation.dll

Download Link Generated POC's

http://rapidshare.com/files/415275008/Microstation_dllhijact_exploit.rar
http://rapidshare.com/files/415275010/Nero_dllhijack_exploit.rar
http://rapidshare.com/files/415275011/quicktime_pictureviwer_dllhijact_exploit.rar
For test cases-http://reach2kalyan.blogspot.com/

Regards
Kalyan
http://reach2kalyan.blogspot.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/