Friday, September 3, 2010

Applications vulnerable to Dll Hijacking

These are all the list of applications (along with dll name) that are vulnerable to Dll Hijacking attack in windows.
 For more Information about Dll Hijacking take a look at my previous posting on Dll preloading.

    * ArchiCad 13.00  (srcsrv.dll)
    * Nokia Suite contentcopier  (wintab32.dll)
    * Nokia Suite communicationcentre  (wintab32.dll)
    * Sony Sound Forge Pro 10.0 (MtxParhVegasPreview.dll)
    * Camtasia Studio 7  (mfc90enu.dll, mfc90loc.dll) 
    * Media Player Classic v1.3.2189.0  (ehtrace.dll)
    * Microsoft Help and Support Center  (wshfra.dll)
    * Microsoft Clip Book Viewer (mfaphook.dll)
    * Real Player 1.1.5 Build 12.0.0.879  (wnaspi32.dll)
    * SiSoftware Sandra  (dwmapi.dll)
    * SMPlayer v0.6.9 (wintab32.dll)
    * Winmerge v2.12.4 (MFC71ESN.DLL)
    * Steam Games (steamgamesupport.dll)
    * UltraISO Premium 9.36 .isz (daemon.dll)
    * wscript.exe (XP)  (wshfra.dll)
    * Autodesk AutoCAD 2007  (color.dll)
    * Daemon tools lite .mds (mfc80loc.dll)
    * Google Earth v5.1.3535.3218 .kmz  (quserex.dll)
    * Nullsoft Winamp 5.581 .cda  (wnaspi32.dll)
    * Media Player Classic 6.4.9.1  .mka (iacenc.dll)
    * Corel PHOTO-PAINT X3 v13.0.0.576 .cpt  (crlrib.dll)
    * CorelDRAW X3 v13.0.0.576 .cmx .csl  (crlrib.dll)
    * Adobe ExtendedScript Toolkit CS5 v3.5.0.52  (dwmapi.dll)
    * Adobe Extension Manager CS5 v5.0.298  (dwmapi.dll)
    * Mozilla Thunderbird  ( dwmapi.dll )
    * Microsoft Office PowerPoint 2007  (rpawinet.dll)
    * Roxio MyDVD 9  (HomeUtils9.dll)
    * Windows Internet Communication Settings  (schannel.dll)
    * Microsoft Windows Contacts  (wab32res.dll)
    * Adobe InDesign CS4  (ibfs32.dll)
    * Cisco Packet Tracer 5.2  (wintab32.dll)
    * Nvidia Driver  (nview.dll)
    * Adobe Illustrator CS4  (aires.dll)
    * Adobe On Location CS4  (ibfs32.dll)
    * Adobe Premier Pro CS4  (ibfs32.dll)
    * Roxio Creator DE  (HomeUtils9.dll)
    * Skype <= 4.2.0.169  (wab32.dll)
    * Mediaplayer Classic 1.3.2189.0  (iacenc.dll)
    * TechSmith Snagit 10 (Build 788)  (dwmapi.dll)
    * Ettercap NG-0.7.3  (wpcap.dll)
    * Microsoft Group Convertor .grp (imm.dll)
    * Safari v5.0.1  (dwmapi.dll)
    * Adobe Device Central CS5  (qtcf.dll)
    * Microsoft Internet Connection Signup Wizard  (smmscrpt.dll)
    * InterVideo WinDVD 5  (cpqdvd.dll)
    * Roxio Photosuite 9  (homeutils9.dll)
    * Microsoft Vista BitLocker Drive Encryption (fveapi.dll)
    * VLC Media Player  (wintab32.dll)
    * uTorrent DLL Hijacking Vulnerabilities
    * TeamMate Audit Management Software Suite  (mfc71enu.dll)
    * Microsoft Office Groove 2007  (mso.dll)
    * Microsoft Address Book 6.00.2900.5512  (wab32res.dll)
    * Microsoft Visio 2003  (mfc71enu.dll)
    * avast! <= 5.0.594 license files  (mfc90loc.dll)
    * Adobe Photoshop CS2  (Wintab32.dll)
    * Adobe Dreamweaver CS5 <= 11.0 build 4909  (mfc90loc.dll)
    * BS.Player <= 2.56 build 1043  (mfc71loc.dll)
    * Adobe Dreamweaver CS4  (ibfs32.dll)
    * TeamViewer <= 5.0.8703  (dwmapi.dll)
    * Microsoft Windows 7 wab.exe  (wab32res.dll)
    * Opera v10.61  (dwmapi.dll)
    * Microsoft Windows Movie Maker <= 2.6.4038.0  (hhctrl.ocx)
    * Firefox <= 3.6.8  (dwmapi.dll)
    * Windows Live Email  (dwmapi.dll)
    * Foxit Reader <= 4.0 pdf Jailbreak Exploit
    * uTorrent <= 2.0.3  (plugin_dll.dll)
    * Microsoft Power Point 2010  (pptimpconv.dll)
    * Wireshark <= 1.2.10  (airpcap.dll)
    * Notepad++ (SciLexer.dll)
    * Microsoft Power Point 2007 (pp4x322.dll)
    * Microsoft Visio 2010 v14.0.4514.1004 (dwmapi.dll)
    * Microsoft Word 2007 (msapsspc.dll,schannel.dll, digest.dll, msnsspc.dll)
    * Microsoft Powerpoint 2007 (pp7x32.dll, pp4x322.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll)
    * Tftpd32 version 3.35 (IPHLPAPI.DLL)
    * Microsoft ATL Trace Tool Build 10.0.30319.1 atltracetool8.exe dwmapi extention .trc
    * Windows Live! Messenger (Build => 14.0.8117.416) msgsres.dll Hijacking
    * Active Perl v5.12.1 (wshenu.dll)
    * CATIA V5 R17 (hzs_lm.dll)
    * Autodesk AutoCAD 2007 (color.dll)
    * Cool Edit Pro 2.0 (coolburn.dll)
    * GOM Player 2.1.25.5015 (schannel.dll)
    * MAGIX Music Studio 12 deluxe (playripla6.dll)
    * Opera 10.61 (dwmapi.dll)
    * TeamViewer 5 (dwmapi.dll)
    * Windows Address Book (wab32res.dll)
    * Java Version 6 Update 21 (schannel.dll)
    * Windows Progman Group Converter (imm.dll)
    * NetStumbler 0.4.0 (mfc71enu.dll)
    * Windows Mail 6.0.6000.16386 (wab32res.dll)
    * TeamViewer (TV.dll)
    * Wireshark <= 1.2.10 (libintl-8.dll)
    * Microsoft Windows Media Encoder 9 .prx (msxml.dll)
    * Notepad++ V5.4.5 Dll Hijack (SpellChecker.dll)
    * Windows 7 and Vista Backup Utility .wbcat (fveapi.dll)
    * Virtual DJ 6.1.2 .mp3 hdjapi.dll
    * Atheros Client Utility dll Hijacking exploit (oemres.dll)
    * Internet download manager dll Hijacking exploit (idmmkb.dll)
    * Forensic Toolkit .ftk (MFC90DEU.DLL)
    * EnCase .endump (rsaenh.dll)
    * IBM Rational License Key Administrator .upd (IBFS32.DLL)
    * PGP Desktop 9.8 .pgp (credssp.dll)
    * Forensic CaseNotes .notes (credssp.dll)
    * Microsoft RDP .rdp (ieframe.dll)
    * pdf x viewer .pdf (wintab32.dll)
    * Ultr@ VNC Viewer .vnc (vnclang.dll)
    * Babylon v8.0.0.18 .txt (besextension.dll)
    * QtWeb v3.3 .htm, .xml (wintab32.dll)
    * IZArc 4.1.2.2012 .rar .zip .jar (ztv7z.dll)
    * Jetaudio v7.1.8.4006 plus VX .mp3 mogg .mov and others (wnaspi32.dll)
    * TechSmith Snagit v7.2.5 .snagprof (mfc71enu.dll)
    * QXDM v03.09.19 (Qualcomm eXtensible Diagnostic Monitor) .isf (mfc71enu.dll)

This listing was published to make security analysts aware of exploitable applications in order to protect their resources from any possible attacks.

1 comment:

ARun said...

Nice Effort dude, way to go!!!

Cheers,
Arun Sabapathy