Advertisement
| CVE | Category | Price | Severity |
|---|---|---|---|
| N/A | CWE-426 | Not disclosed | High |
| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Not specified | High | Local | 2018-03-19 |
########################## # Exploit Title: Efficient Sticky Notes Pro DLL hijacking Vulnerability # Software Link: http://www.efficientdownload.com/es/EfficientStickyNotesPro-Setup.exe # https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ # Discovered By: Mr.voltage # Version: 5.50 # Vendor Homepage : http://www.efficientsoftware.net/ # Tested on : windows ########################## +--------------------------+ + Vulnerable DLL : + msvcr80.dll +--------------------------+ product: +-------+ Efficient Notes, you only need to manage your memos, notes and desktop sticky notes in one interface and one file. With its unique and powerful flash full-text search technique, simply enter a word in a note and you can locate this note quickly! The product has a strong edit function similar to that of Microsoft Word. +-------+ Impact: +-------+ Attacker can exploit the vulnerability to load a DLL file of the attacker's choosing that could execute arbitrary code. This may help attacker to Successful exploits the system if user creates shell as a DLL. Make Malicious dll. +-------+ Exploit: Place a dummy msvcr80.dll file with the malicious dll . When the file is opened you will get shell. ################################### #Thanks to : mtn08 && shayan 72 # Discovered By: Mr.voltage # skype: [email protected]
Copyright ©2024 Exploitalert.