-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================================
==========================================================================
VLC Media Player 1.1.4 (vlc.exe) dll hijacking reloaded
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.altervista.org/
This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
Tested on:
Windows 7 professional full patched
==========================================================================
==========================================================================
DESCRIPTION:
I think this is just a logic flaw, infact this program is still
vulnerable to dll hijacking simply creating, in the same folder of
one of below listed files, these folders:
"%commonprogramfiles%\microsoft shared\windows live"
and then put into "windows live" folder our dll.
E.g.
C:\>dir /S test
Volume in drive C has no label.
Volume Serial Number is XXXX-YYYY
Directory of C:\test
14/10/2010 11:29 <DIR> .
14/10/2010 11:29 <DIR> ..
14/10/2010 11:29 <DIR> %commonprogramfiles%
07/10/2010 13:22 8 test.xspf
1 File(s) 8 bytes
Directory of C:\test\%commonprogramfiles%
14/10/2010 11:29 <DIR> .
14/10/2010 11:29 <DIR> ..
14/10/2010 11:29 <DIR> microsoft shared
0 File(s) 0 bytes
Directory of C:\test\%commonprogramfiles%\microsoft shared
14/10/2010 11:29 <DIR> .
14/10/2010 11:29 <DIR> ..
14/10/2010 11:29 <DIR> windows live
0 File(s) 0 bytes
Directory of C:\test\%commonprogramfiles%\microsoft shared\windows live
14/10/2010 11:29 <DIR> .
14/10/2010 11:29 <DIR> ..
14/10/2010 09:36 14,336 wintab32.dll
1 File(s) 14,336 bytes
==========================================================================
==========================================================================
INFO:
Prg.: vlc.exe
Ver.: 1.1.4.0
Ext.: a52
ac3
amr
amv
aob
ape
b4s
bin
cue
divx
dts
dv
flac
flv
gxf
ifo
it
m3u8
m4p
mka
mkv
mlp
mp1
mpc
mpeg1
mpeg2
mpeg4
mxf
nsv
nuv
oga
ogg
ogm
ogv
ogx
oma
pls
ram
rec
rmvb
rm
s3m
sdp
spx
tod
tta
vlc
vob
voc
vqf
vro
w64
webm
wv
xa
xm
xspf
dll: wintab32.dll
==========================================================================
==========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
iQIcBAEBAgAGBQJMtvf+AAoJELleC2c7YdP161YQAMbRBuVfTrWZy+5Jc36im+by
+eLZoQ2JJsWIs9stIPPnggv63jk0QHvwLvAYgIpYadPUls5EMRFSQjeHr/hiJlIT
mCXJEs8p8lbxTWDo/NUz/CXKRGWc5ePkjIeGilt5Iw8dGdTZk9KkfQ5MImb2kiA6
fOYxvEJdmjJ/Fxb+9Mp5ronWWNndMUByGWWJfR41y052ULibDnMAw5mK+ZhbCITy
54SeEuRExfQnLpIHxwWmTWnun+K6CxCisaLdtkgKVp9IeOta2jCf0QJkg5MaZ1fx
igjoOTWGw4MwmG1L5szDlW0lnCa3zqST17i8LwIXzLTj1Ms4Y4Ozye2NjIZzyTYt
ODOcaT2BgzM0ERCzmmvRmX0g81AYtMSyXprI/7FBtVKpJI5sVVLyLv1RcUxGaa3J
5jHLtwkJefprVDenD/sKaTg82agiNUAPZ8cLM9331uFQcyBoA58Fqx1JQU+oFrzV
JI4KDXkQJ94C5wJticBKUO9zD3Fh3sZTKtXU2WOmFACbA+rPkyS15K8mm1TabtyL
EaI5Y4jK28DL0AvJzGvw8GgTc3/P9xp6b+xE26XiXqcpwKUTtL9WqMscAHr21i/K
6/YoBDyx/HCAu8jEDluEreeyjl8lIp23FhSzv5uXOLEP/hM15uT4BAnKWfioyNSW
L9069bY8ZF0fgkojjD8P
=H4AK
-----END PGP SIGNATURE-----