← Advisories

Google Earth v5.1.3535.3218 (quserex.dll) DLL Hijacking Exploit

High

Advisory ID

ZSL-2010-4955

Release Date

26 August 2010

Vendor

Google Inc. - http://www.google.com

Affected Version

5.1.3535.3218

CVE

CVE-2010-3134

Tested On

Microsoft Windows XP Professional SP3 (English)

Summary

Google Earth lets you fly anywhere on Earth to view satellite imagery, maps, terrain, 3D buildings, from galaxies in outer space to the canyons of the ocean. You can explore rich geographical content, save your toured places, and share with others.

Description

Google Earth suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .kmz thru quserex.dll and wintab32.dll libraries.

Proof of Concept

googlee_dll.cTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://www.exploit-db.com/exploits/14790

[2]http://www.packetstormsecurity.org/filedesc/googlee_dll.txt.html

[3]http://securityreason.com/exploitalert/8789

[4]http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/

[5]http://www.exploit-db.com/dll-hijacking-vulnerable-applications/

[6]http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3134

[7]http://osvdb.org/show/osvdb/67539

Changelog

26.08.2010Initial release

27.08.2010Added reference [1], [2], [3], [4] and [5]

13.11.2010Added reference [6] and [7]