[Linuxdcpp-team] [Bug 1502650] Re: DC++ 0.851 - Arbitrary code execution

Kacper Mon, 05 Oct 2015 11:12:23 -0700

I attach PoC for plugins without file:// handler. Link is direclty
executing:


void WinUtil::openLink(const tstring& url) {
        ::ShellExecute(NULL, NULL, url.c_str(), NULL, NULL, SW_SHOWNORMAL);
}


** Attachment added: "exploit_without_file_scheme.dcext"
   
https://bugs.launchpad.net/dcplusplus/+bug/1502650/+attachment/4485011/+files/exploit_without_file_scheme.dcext

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1502650

Title:
  DC++ 0.851 - Arbitrary code execution

Status in DC++:
  In Progress

Bug description:
  Details and PoC:
  http://kacperrybczynski.com/research/dcpp_851_arbitrary_code_execution/

  By supplying an UNC path in the *.dcext plugin file or main/pm hub
  chat, a remote file will be automatically downloaded, which can result
  in arbitrary code execution.

To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1502650/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~linuxdcpp-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~linuxdcpp-team
More help   : https://help.launchpad.net/ListHelp

[Linuxdcpp-team] [Bug 1502650] Re: DC++ 0.851 - Arbitrary code execution

Reply via email to