[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] CyberLink products vulnerable to DLLHijacking

To: Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] CyberLink products vulnerable to DLLHijacking
From: exploit dev <extraexploit@xxxxxxxxx>
Date: Thu, 26 Aug 2010 04:55:16 +0200

Hi

Trying to play with the HD Moore tool on a default HP  notebook
installation, I have found that the CyberLink products seems vulnerable to
this kind of threat. I have check and test the proof of concept generated by
dllhijacking and works. The products are:

- CyberLink PowerDirector v7
- CyberLink Power2Go DVD v6.0

The issue is trigger with the iso,pdl,pds,p2g and p2i file formats, and DLL
request by the applications is the mfc71loc.dll or mfc71<country>.dll . If
interested http://extraexploit.blogspot.com

-- 
http://extraexploit.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Details of cisco-sa-20081022-asa security advisory?
Next by Date: [Full-disclosure] YouTube remote unsubscribe exploit
Previous by thread: [Full-disclosure] Details of cisco-sa-20081022-asa security advisory?
Next by thread: [Full-disclosure] YouTube remote unsubscribe exploit
Index(es):
- Date
- Thread